Debian Security Advisory DSA 193-1 (kdenetwork)

The remote host is missing an update to kdenetwork announced via advisory DSA 193-1.

iDEFENSE reports a security vulnerability in the klisa package, that provides a LAN information service similar to Network Neighbourhood, which was discovered by Texonet. It is possible for a local attacker to exploit a buffer overflow condition in resLISa, a restricted version of KLISa. The vulnerability exists in the parsing of the LOGNAME environment variable, an overly long value will overwrite the instruction pointer thereby allowing an attacker to seize control of the executable. This problem has been fixed in version 2.2.2-14.2 the current stable distribution (woody) and in version 2.2.2-14.3 for the unstable distribution (sid). The old stable distribution (potato) is not affected since it doesn't contain a kdenetwork package We recommend that you upgrade your klisa package immediately.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20193-1