Public bug reported:

https://www.kde.org/info/security/advisory-20140923-1.txt

Konversation's Blowfish ECB encryption support assumes incoming blocks
to be the expected 12 bytes. The lack of a sanity-check for the actual
size can cause a denial of service (crash) and an information leak of
up to 11 bytes due to an out-of-bounds read on a heap-allocated array.

Fix at:

http://quickgit.kde.org/?p=konversation.git&a=commit&h=1f55cee8b3d0956adc98834f7b5832e48e077ed7

** Affects: konversation (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: konversation (Ubuntu Lucid)
     Importance: Undecided
         Status: New

** Affects: konversation (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: konversation (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: konversation (Ubuntu Utopic)
     Importance: Undecided
         Status: New

** Affects: konversation (Ubuntu Vivid)
     Importance: Undecided
         Status: New

** Also affects: konversation (Ubuntu Vivid)
   Importance: Undecided
       Status: New

** Also affects: konversation (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: konversation (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: konversation (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: konversation (Ubuntu Trusty)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1389296

Title:
  konversation: out-of-bounds read on a heap-allocated array
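
Added example, not part of the bug report and not Konversation's code: a block decoder that checks the input length before reading any 12-character block, which is the sanity check the advisory says was missing. The alphabet, the bit layout and the names decode_word and decode_blocks are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed 64-symbol alphabet; illustrative, not taken from Konversation. */
static const char B64[] =
    "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

#define ENC_BLOCK 12 /* encoded characters per cipher block */
#define RAW_BLOCK 8  /* Blowfish block size in bytes */

/* Decode six symbols into a 32-bit word, 6 bits each; -1 on a bad symbol. */
static int decode_word(const char *in, uint32_t *word)
{
    *word = 0;
    for (int i = 0; i < 6; i++) {
        const char *p = in[i] ? strchr(B64, in[i]) : NULL;
        if (p == NULL)
            return -1;
        *word |= (uint32_t)(p - B64) << (i * 6);
    }
    return 0;
}

/*
 * Decode `len` encoded characters into raw blocks ready for ECB decryption.
 * Returns the number of bytes written, or -1 if the input is rejected.
 * The length test runs before any block is read: without it, a trailing
 * partial block makes the loop read up to 11 bytes past the buffer.
 */
long decode_blocks(const char *in, size_t len, unsigned char *out, size_t cap)
{
    if (len == 0 || len % ENC_BLOCK != 0)
        return -1;
    if (cap < len / ENC_BLOCK * RAW_BLOCK)
        return -1;
    size_t n = 0;
    for (size_t off = 0; off < len; off += ENC_BLOCK) {
        uint32_t w[2];
        if (decode_word(in + off, &w[0]) || decode_word(in + off + 6, &w[1]))
            return -1;
        for (int k = 0; k < 2; k++)
            for (int b = 3; b >= 0; b--)
                out[n++] = (unsigned char)(w[k] >> (b * 8));
    }
    return (long)n;
}
```

Rejecting the message outright when the length is not a multiple of 12 keeps the decoder from ever indexing past the end of the received buffer.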
