[CVE] Crash in IRC message parsing

Bug #1731797 reported by Simon Quigley
Affects                  Status        Importance  Assigned to     Milestone
Kubuntu PPA              Fix Released  High        Simon Quigley
konversation (Ubuntu)    Fix Released  High        Unassigned
  Trusty                 Fix Released  High        Steve Beattie
  Xenial                 Fix Released  High        Steve Beattie
  Zesty                  Fix Released  High        Steve Beattie
  Artful                 Fix Released  High        Steve Beattie
  Bionic                 Fix Released  High        Unassigned

Bug Description

KDE Project Security Advisory
=============================

Title: Konversation: Crash in IRC message parsing
Risk Rating: High
CVE: CVE-2017-15923
Versions: konversation <= 1.7.2
Date: 12 November 2017

Overview
========
Konversation has support for colors in IRC messages. Any malicious user connected to the
same IRC network can send a carefully crafted message that will crash the Konversation user client.

Workaround
==========
Go to Interface → Colors in the Configure Konversation dialog and uncheck Allow Colored Text in IRC Messages (near the bottom)

Solution
========
Update to Konversation > 1.7.2

Or apply the following patches:
1.7: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=34cc9556c1a089fac6b674d3bd6f2248e9512902
1.6: https://cgit.kde.org/konversation.git/commit/?h=1.6&id=cebf8d7658b0e3afb0292c273704ec4d2ea4019f
1.5: https://cgit.kde.org/konversation.git/commit/?h=1.5&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
1.4: the patch for 1.5 will apply, but you should upgrade

Credits
=======
Thanks to Joseph Bisch for the report and to Eli MacKenzie for the fix.
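The advisory above describes a crash in colour-code handling and the Ubuntu changelog summarises the fix as making sure an integer overflow has not happened. As an added illustration (not Konversation's code and not the KDE patch linked above), the parser below shows the defensive shape such a routine needs: each numeric field of a mIRC colour code (0x03, optional foreground, optional ",background") is read with a hard digit cap and every resulting value is range-checked against the palette before use, so a crafted message can neither overflow the accumulator nor reach an out-of-range palette slot. The function names, the ColourSpan struct and the 16-entry palette size are assumptions made for this example.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// One parsed colour code, positioned in the stripped (display) text.
struct ColourSpan {
    std::size_t pos;   // offset in the stripped text where the code takes effect
    int fg;            // 0..99 as written in the message, or -1 = reset to default
    int bg;            // 0..99 as written in the message, or -1 = unchanged
};

// Reads at most maxDigits ASCII digits at text[i], advancing i past them.
// Returns -1 when no digit is present. Because the digit count is capped,
// the accumulator is bounded (two digits -> at most 99) and cannot overflow
// no matter how long a digit run the sender supplies.
static int readBoundedNumber(const std::string& text, std::size_t& i, int maxDigits) {
    int value = -1;
    for (int n = 0; n < maxDigits && i < text.size(); ++n) {
        unsigned char c = static_cast<unsigned char>(text[i]);
        if (c < '0' || c > '9') break;
        value = (value < 0 ? 0 : value) * 10 + (c - '0');
        ++i;
    }
    return value;
}

// Removes colour codes from raw, recording each one in spans, and returns the
// text that would be displayed. Digits beyond the two-digit cap are treated as
// ordinary text rather than folded into the colour value.
std::string stripColourCodes(const std::string& raw, std::vector<ColourSpan>& spans) {
    std::string out;
    for (std::size_t i = 0; i < raw.size();) {
        if (raw[i] != '\x03') { out += raw[i++]; continue; }
        ++i;                                        // skip the 0x03 marker
        ColourSpan span{out.size(), -1, -1};
        span.fg = readBoundedNumber(raw, i, 2);
        if (span.fg >= 0 && i < raw.size() && raw[i] == ',') {
            std::size_t save = i++;
            span.bg = readBoundedNumber(raw, i, 2);
            if (span.bg < 0) i = save;              // "fg," without digits: comma is plain text
        }
        spans.push_back(span);
    }
    return out;
}

// Maps a parsed colour value to a palette slot, or -1 (use the default colour)
// when it lies outside the palette. Renderers must go through this check rather
// than indexing the palette with the raw value from the wire.
int paletteIndex(int code, int paletteSize) {
    return (code >= 0 && code < paletteSize) ? code : -1;
}
```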


Simon Quigley (tsimonq2)
Changed in konversation (Ubuntu Bionic):
status: New → Fix Released
Changed in konversation (Ubuntu Trusty):
status: New → Triaged
Changed in konversation (Ubuntu Xenial):
status: New → Triaged
Changed in konversation (Ubuntu Zesty):
status: New → Triaged
Changed in konversation (Ubuntu Artful):
status: New → Triaged
Changed in konversation (Ubuntu Trusty):
importance: Undecided → High
Changed in konversation (Ubuntu Xenial):
importance: Undecided → High
Changed in konversation (Ubuntu Zesty):
importance: Undecided → High
Changed in konversation (Ubuntu Artful):
importance: Undecided → High
Changed in konversation (Ubuntu Bionic):
importance: Undecided → High
Changed in konversation (Ubuntu Trusty):
assignee: nobody → Simon Quigley (tsimonq2)
Changed in konversation (Ubuntu Xenial):
assignee: nobody → Simon Quigley (tsimonq2)
Changed in konversation (Ubuntu Zesty):
assignee: nobody → Simon Quigley (tsimonq2)
Changed in konversation (Ubuntu Artful):
assignee: nobody → Simon Quigley (tsimonq2)
Simon Quigley (tsimonq2)
Changed in kubuntu-ppa:
assignee: nobody → Simon Quigley (tsimonq2)
importance: Undecided → High
status: New → Triaged
Simon Quigley (tsimonq2)
Changed in konversation (Ubuntu Trusty):
status: Triaged → In Progress
Changed in konversation (Ubuntu Xenial):
status: Triaged → In Progress
Changed in konversation (Ubuntu Artful):
status: Triaged → In Progress
Changed in konversation (Ubuntu Zesty):
status: Triaged → In Progress
Changed in kubuntu-ppa:
status: Triaged → In Progress
Simon Quigley (tsimonq2) wrote :

Packages are available for testing in ppa:tsimonq2/security-builds and in ppa:kubuntu-ppa/backports-landing. More details are available here: https://lists.ubuntu.com/archives/kubuntu-devel/2017-November/011487.html

Simon Quigley (tsimonq2) wrote :

I uploaded debdiffs and dsc files with the patch applied here: http://people.ubuntu.com/~tsimonq2/.cves/konversation/

I have tested each package on each respective Kubuntu release, and they work without regressions and fix the problem.

Steve Beattie (sbeattie) wrote :

Thanks Simon, I'm looking at these now.

Changed in konversation (Ubuntu Artful):
assignee: Simon Quigley (tsimonq2) → Steve Beattie (sbeattie)
Changed in konversation (Ubuntu Zesty):
assignee: Simon Quigley (tsimonq2) → Steve Beattie (sbeattie)
Changed in konversation (Ubuntu Xenial):
assignee: Simon Quigley (tsimonq2) → Steve Beattie (sbeattie)
Changed in konversation (Ubuntu Trusty):
assignee: Simon Quigley (tsimonq2) → Steve Beattie (sbeattie)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package konversation - 1.5-1ubuntu1.14.04.2

---------------
konversation (1.5-1ubuntu1.14.04.2) trusty-security; urgency=high

  * SECURITY UPDATE: Crash in IRC message parsing (LP: #1731797):
    - kubuntu_03_CVE-2017-15923.diff: ensure integer overflow has not
      happened
    - CVE-2017-15923
    - https://www.kde.org/info/security/advisory-20171112-1.txt

 -- Simon Quigley <email address hidden> Tue, 21 Nov 2017 15:11:10 -0800

Changed in konversation (Ubuntu Trusty):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package konversation - 1.6.2-0ubuntu1.1

---------------
konversation (1.6.2-0ubuntu1.1) zesty-security; urgency=high

  * SECURITY UPDATE: Crash in IRC message parsing (LP: #1731797):
    - CVE-2017-15923.patch: ensure integer overflow has not happened
    - CVE-2017-15923
    - https://www.kde.org/info/security/advisory-20171112-1.txt

 -- Simon Quigley <email address hidden> Tue, 21 Nov 2017 14:23:02 -0800

Changed in konversation (Ubuntu Zesty):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package konversation - 1.7.2-1ubuntu1.1

---------------
konversation (1.7.2-1ubuntu1.1) artful-security; urgency=high

  * SECURITY UPDATE: Crash in IRC message parsing (LP: #1731797):
    - CVE-2017-15923.patch: ensure integer overflow has not happened
    - CVE-2017-15923
    - https://www.kde.org/info/security/advisory-20171112-1.txt

 -- Simon Quigley <email address hidden> Tue, 21 Nov 2017 11:34:38 -0800

Changed in konversation (Ubuntu Artful):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package konversation - 1.6-0ubuntu1.1

---------------
konversation (1.6-0ubuntu1.1) xenial-security; urgency=high

  * SECURITY UPDATE: Crash in IRC message parsing (LP: #1731797):
    - CVE-2017-15923.patch: ensure integer overflow has not happened
    - CVE-2017-15923
    - https://www.kde.org/info/security/advisory-20171112-1.txt

 -- Simon Quigley <email address hidden> Tue, 21 Nov 2017 14:21:46 -0800

Changed in konversation (Ubuntu Xenial):
status: In Progress → Fix Released
Tyler Hicks (tyhicks) wrote :

I'm unsubscribing ubuntu-security-sponsors since the archive updates have all been sponsored. Thanks!

Simon Quigley (tsimonq2) wrote :

Whoops, this was fixed in the PPA a while ago. Marking as such.

Changed in kubuntu-ppa:
status: In Progress → Fix Released