Debian Security Advisory
DSA-1318-1 ekg -- several vulnerabilities
- Date Reported:
- 22 Jun 2007
- Affected Packages:
- ekg
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2005-2370, CVE-2005-2448, CVE-2007-1663, CVE-2007-1664, CVE-2007-1665.
- More information:
-
Several remote vulnerabilities have been discovered in ekg, a console Gadu Gadu client. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2005-2370
It was discovered that memory alignment errors may allow remote attackers to cause a denial of service on certain architectures such as sparc. This only affects Debian Sarge.
- CVE-2005-2448
It was discovered that several endianess errors may allow remote attackers to cause a denial of service. This only affects Debian Sarge.
- CVE-2007-1663
It was discovered that a memory leak in handling image messages may lead to denial of service. This only affects Debian Etch.
- CVE-2007-1664
It was discovered that a null pointer deference in the token OCR code may lead to denial of service. This only affects Debian Etch.
- CVE-2007-1665
It was discovered that a memory leak in the token OCR code may lead to denial of service. This only affects Debian Etch.
For the oldstable distribution (sarge) these problems have been fixed in version 1.5+20050411-7. This updates lacks updated packages for the m68k architecture. They will be provided later.
For the stable distribution (etch) these problems have been fixed in version 1:1.7~rc2-1etch1.
For the unstable distribution (sid) these problems have been fixed in version 1:1.7~rc2-2.
We recommend that you upgrade your ekg packages.
- CVE-2005-2370
- Fixed in:
-
Debian GNU/Linux 3.1 (sarge)
- Source:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.dsc
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.diff.gz
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_alpha.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_alpha.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_alpha.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_amd64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_amd64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_amd64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_arm.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_arm.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_arm.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_arm.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_hppa.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_hppa.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_hppa.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_i386.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_i386.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_i386.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_ia64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_ia64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_ia64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_ia64.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_mips.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_mips.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_mips.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_s390.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_s390.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_s390.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_sparc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_sparc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_sparc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_sparc.deb
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1.dsc
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1.diff.gz
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2.orig.tar.gz
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_alpha.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_alpha.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_alpha.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_amd64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_amd64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_amd64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_arm.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_arm.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_arm.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_arm.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_hppa.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_hppa.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_hppa.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_i386.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_i386.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_i386.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_ia64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_ia64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_ia64.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_ia64.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_mips.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_mips.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_mips.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_s390.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_s390.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_s390.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_sparc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_sparc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_sparc.deb
- http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.