PT-2014-1819 · Kde+7 · Kdenetwork-Kget-Libs+22

Nicolas Ruff · Published 2014-09-24 · Updated 2020-10-23 · CVE-2014-6053

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

kdenetwork-kopete-devel version 4.10.5
kdenetwork-kopete version 4.10.5
kdenetwork-krdc version 4.10.5
kdenetwork-kget-libs version 4.10.5
kdenetwork-krfb-libs version 4.10.5
kdenetwork-kdnssd version 4.10.5
kdenetwork-fileshare-samba version 4.10.5
kdenetwork-devel version 4.10.5
kdenetwork-common version 4.10.5
kdenetwork-krdc-devel version 4.10.5
kdenetwork-kget version 4.10.5
kdenetwork-krdc-libs version 4.10.5
kdenetwork-kopete-libs version 4.10.5
kdenetwork-krfb version 4.10.5
kdenetwork-debuginfo version 4.10.5

Description

Multiple vulnerabilities in the kdenetwork package can lead to a disruption of the confidentiality, integrity, and availability of protected information. They can be exploited remotely by an attacker who has passed the authentication procedure. The vulnerabilities are associated with various components of the kdenetwork package, including kdenetwork-kopete-devel, kdenetwork-kopete, kdenetwork-krdc, kdenetwork-kget-libs, kdenetwork-krfb-libs, kdenetwork-kdnssd, kdenetwork-fileshare-samba, kdenetwork-devel, kdenetwork-common, kdenetwork-krdc-devel, kdenetwork-kget, kdenetwork-krdc-libs, kdenetwork-kopete-libs, kdenetwork-krfb, and kdenetwork-debuginfo.

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
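
The defensive pattern for the flaw described above, as an added example that is not code from LibVNCServer or from this advisory: bound the client-supplied ClientCutText length and check the malloc result before copying. The function name, status codes and the 1 MiB cap are assumptions made for illustration, and the message is parsed from a memory buffer rather than read from a socket.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy cap for this example (1 MiB); not a LibVNCServer value. */
#define MAX_CUT_TEXT (1u << 20)

enum cut_status { CUT_OK = 0, CUT_SHORT = -1, CUT_BAD_TYPE = -2,
                  CUT_TOO_LARGE = -3, CUT_NO_MEM = -4 };

/* Parse one RFB ClientCutText message held in buf (hypothetical helper):
 *   U8 message-type (6), 3 padding bytes, U32 big-endian length, text.
 * On CUT_OK, *out is a NUL-terminated heap copy that the caller frees.
 * On any error, *out stays NULL and nothing is allocated. */
int parse_client_cut_text(const uint8_t *buf, size_t n,
                          char **out, uint32_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (n < 8) return CUT_SHORT;            /* header not complete */
    if (buf[0] != 6) return CUT_BAD_TYPE;   /* not ClientCutText */
    uint32_t len = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
                   ((uint32_t)buf[6] << 8)  |  (uint32_t)buf[7];
    /* Bound the client-controlled length before any allocation. */
    if (len > MAX_CUT_TEXT) return CUT_TOO_LARGE;
    /* Allocate only for bytes that have actually arrived. */
    if (n - 8 < len) return CUT_SHORT;
    char *text = malloc((size_t)len + 1);
    if (text == NULL) return CUT_NO_MEM;    /* the check an unchecked malloc omits */
    memcpy(text, buf + 8, len);
    text[len] = '\0';
    *out = text;
    *out_len = len;
    return CUT_OK;
}

int main(void)
{
    /* Constructed sample messages, not captured traffic. */
    const uint8_t ok[] = {6, 0, 0, 0, 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
    const uint8_t huge[] = {6, 0, 0, 0, 0xff, 0xff, 0xff, 0xff};
    char *text; uint32_t len;
    printf("ok:   %d\n", parse_client_cut_text(ok, sizeof ok, &text, &len));
    free(text);
    printf("huge: %d\n", parse_client_cut_text(huge, sizeof huge, &text, &len));
    return 0;
}
```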

Recommendations

For each of the following packages at version 4.10.5, update to a newer version to mitigate the risk:

kdenetwork-kopete-devel
kdenetwork-kopete
kdenetwork-krdc
kdenetwork-kget-libs
kdenetwork-krfb-libs
kdenetwork-kdnssd
kdenetwork-fileshare-samba
kdenetwork-devel
kdenetwork-common
kdenetwork-krdc-devel
kdenetwork-kget
kdenetwork-krdc-libs
kdenetwork-kopete-libs
kdenetwork-krfb
kdenetwork-debuginfo

As a temporary workaround, consider disabling the rfbProcessClientNormalMessage function until a patch is available.

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2015-1418
BDU:2015-06221
BDU:2015-06222
BDU:2015-06223
BDU:2015-06224
BDU:2015-06225
BDU:2015-06226
BDU:2015-06227
BDU:2015-06228
BDU:2015-06229
BDU:2015-06230
BDU:2015-06231
BDU:2015-06232
BDU:2015-06233
BDU:2015-06234
BDU:2015-06235
BDU:2015-06236
BDU:2015-09227
BDU:2015-09228
BDU:2015-09229
BDU:2015-09230
BDU:2015-09231
BDU:2015-09232
BDU:2015-09233
BDU:2015-09234
BDU:2015-09235
BDU:2015-09236
BDU:2015-09237
BDU:2015-09238
BDU:2015-09239
BDU:2015-09240
BDU:2015-09241
BDU:2015-09242
CESA-2014_1826
CESA-2014_1827
CVE-2014-6053
DLA-197-1
DLA-1979-1
DLA-2014-1
DLA-2045-1
DSA-3081-1
MGASA-2014-0397
MGASA-2014-0432
MGASA-2014-0466
MGASA-2020-0242
RHSA-2014:1826
RHSA-2014:1827
RHSA-2014_1826
RHSA-2014_1827
SUSE-SU-2015:2088-1
SUSE-SU-2015:2088-2
SUSE-SU-2015:2110-1
USN-2365-1
USN-4573-1
USN-4587-1

Affected Products

Alt Linux
Astra Linux
Centos
Libvncserver
Linuxmint
Red Hat
Suse
Ubuntu
Kdenetwork-Common
Kdenetwork-Debuginfo
Kdenetwork-Devel
Kdenetwork-Fileshare-Samba
Kdenetwork-Kdnssd
Kdenetwork-Kget
Kdenetwork-Kget-Libs
Kdenetwork-Kopete
Kdenetwork-Kopete-Devel
Kdenetwork-Kopete-Libs
Kdenetwork-Krdc
Kdenetwork-Krdc-Devel
Kdenetwork-Krdc-Libs
Kdenetwork-Krfb
Kdenetwork-Krfb-Libs