"licq" is a very popular ICQ graphical client. Previous versions
have two vulnerabilities that could be exploited by a remote
attacker to execute arbitrary commands on the client host. The
first vulnerability is a buffer overflow in a log function. The
second vulnerability is the use of the system() function to
invoke an external browser when a URL is received. system()
passes its argument to the shell, which expands and interprets
shell metacharacters, so a received URL could be used to execute
commands on behalf of the user running licq.
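
The system() problem described above, next to a shell-free replacement, as an added example that is not licq source code. The function names, the allowed scheme list and the use of "true" as a stand-in for the browser are assumptions, and the URL is constructed.

```c
/* Added example; constructed stand-ins, not licq source. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Unsafe pattern: the URL is pasted into a string that /bin/sh parses. */
int open_url_system(const char *viewer, const char *url) {
    char cmd[1024];
    int n = snprintf(cmd, sizeof cmd, "%s %s", viewer, url);
    if (n < 0 || (size_t)n >= sizeof cmd) return -1; /* no truncation */
    int st = system(cmd);
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

/* Allow only expected schemes; also rejects a leading '-' (option). */
int url_scheme_ok(const char *url) {
    return strncmp(url, "http://", 7) == 0 ||
           strncmp(url, "https://", 8) == 0 ||
           strncmp(url, "ftp://", 6) == 0;
}

/* Hardened: no shell; the URL is exactly one argv element. */
int open_url_exec(const char *viewer, const char *url) {
    if (!url_scheme_ok(url)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp(viewer, viewer, url, (char *)NULL);
        _exit(127); /* exec failed */
    }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void) {
    /* Constructed URL; "true" stands in for the browser. */
    const char *url = "http://example.invalid/;exit 3";
    printf("system(): %d\n", open_url_system("true", url));
    printf("execlp(): %d\n", open_url_exec("true", url));
    return 0;
}
```

With system() the shell treats the text after ';' as a second command and the exit status becomes 3; with execlp() the whole URL reaches the viewer as one argument and the status is the viewer's own.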
It is recommended that all licq users install the update for their
specific version of the distribution.
Users of Conectiva Linux version 6.0 or higher may use apt to
perform upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not
(you may also use linuxconf to do this):