lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1D7KFy-0008WV-70@updates.mandrakesoft.com>
Date: Fri, 04 Mar 2005 14:22:46 -0700
From: Mandrakelinux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:049 - Updated gaim packages fix multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           gaim
 Advisory ID:            MDKSA-2005:049
 Date:                   March 4th, 2005

 Affected versions:	 10.0, 10.1, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Gaim versions prior to version 1.1.4 suffer from a few security issues
 such as the HTML parses not sufficiently validating its input.  This
 allowed a remote attacker to crash the Gaim client be sending certain
 malformed HTML messages (CAN-2005-0208 and CAN-2005-0473).
 
 As well, insufficient input validation was also discovered in the
 "Oscar" protocol handler, used for ICQ and AIM.  By sending specially
 crafted packets, remote users could trigger an inifinite loop in Gaim
 causing it to become unresponsive and hang (CAN-2005-0472).
 
 Gaim 1.1.4 is provided and fixes these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0208
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0472
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0473
  http://gaim.sourceforge.net/security/index.php?id=10
  http://gaim.sourceforge.net/security/index.php?id=11
  http://gaim.sourceforge.net/security/index.php?id=12
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 ee4aaf22c265f3f6e7f37beccf212301  10.0/RPMS/gaim-1.1.4-2.1.100mdk.i586.rpm
 b19bd7c212fa8c9427d88a5fa7b489ef  10.0/RPMS/gaim-devel-1.1.4-2.1.100mdk.i586.rpm
 628d5e1b676124e01454dea9ea05aa73  10.0/RPMS/gaim-perl-1.1.4-2.1.100mdk.i586.rpm
 797ab3e00c5d0f2616afb86edb782859  10.0/RPMS/gaim-tcl-1.1.4-2.1.100mdk.i586.rpm
 8b9e89290a35eb7b4e4e9829e0275312  10.0/RPMS/libgaim-remote0-1.1.4-2.1.100mdk.i586.rpm
 519796a3cd3ca9813369b6cb22954f89  10.0/RPMS/libgaim-remote0-devel-1.1.4-2.1.100mdk.i586.rpm
 7819e5b641eb8fe7f34e930ff3d699a6  10.0/SRPMS/gaim-1.1.4-2.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 cc92e812426003d7b7e36ea7cee7a96d  amd64/10.0/RPMS/gaim-1.1.4-2.1.100mdk.amd64.rpm
 9588ea7e5912fffa33bcb354c38c4a18  amd64/10.0/RPMS/gaim-devel-1.1.4-2.1.100mdk.amd64.rpm
 b5a180a8888a5da8e8d323fa9a575e78  amd64/10.0/RPMS/gaim-perl-1.1.4-2.1.100mdk.amd64.rpm
 1f591a16acfb9c69204865a41df0a917  amd64/10.0/RPMS/gaim-tcl-1.1.4-2.1.100mdk.amd64.rpm
 81a37dafd3c90ece97fd228fe7d733df  amd64/10.0/RPMS/lib64gaim-remote0-1.1.4-2.1.100mdk.amd64.rpm
 665f07ab92a205812235526599bf65df  amd64/10.0/RPMS/lib64gaim-remote0-devel-1.1.4-2.1.100mdk.amd64.rpm
 7819e5b641eb8fe7f34e930ff3d699a6  amd64/10.0/SRPMS/gaim-1.1.4-2.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 4cda3906dcb6520428b4f1bc42f6174e  10.1/RPMS/gaim-1.1.4-2.1.101mdk.i586.rpm
 49f93da18c44ba5c22c87186e4c0988f  10.1/RPMS/gaim-devel-1.1.4-2.1.101mdk.i586.rpm
 0f2dda29cdf649ba976cd0721b5a867c  10.1/RPMS/gaim-gevolution-1.1.4-2.1.101mdk.i586.rpm
 1bb9c654b3d226b6209a95248fc1723f  10.1/RPMS/gaim-perl-1.1.4-2.1.101mdk.i586.rpm
 d923dad213f3538205b1ef0cac626a35  10.1/RPMS/gaim-tcl-1.1.4-2.1.101mdk.i586.rpm
 a930169e43850f519a0eacd11212e78a  10.1/RPMS/libgaim-remote0-1.1.4-2.1.101mdk.i586.rpm
 dda84886d6c3f18fc24c5b73621bdaef  10.1/RPMS/libgaim-remote0-devel-1.1.4-2.1.101mdk.i586.rpm
 729dca43d227506fcf39e6b8583496fa  10.1/SRPMS/gaim-1.1.4-2.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 697c22ee6faa5a0e5e745ca590704b6f  x86_64/10.1/RPMS/gaim-1.1.4-2.1.101mdk.x86_64.rpm
 cd39d48dc21ead77da4c9739e9098de0  x86_64/10.1/RPMS/gaim-devel-1.1.4-2.1.101mdk.x86_64.rpm
 01188511f0315df83f46cee36d9d3427  x86_64/10.1/RPMS/gaim-gevolution-1.1.4-2.1.101mdk.x86_64.rpm
 5a44092f51a6de2bf1ebb5f516b91cfa  x86_64/10.1/RPMS/gaim-perl-1.1.4-2.1.101mdk.x86_64.rpm
 82b356c4f8bd0f43a2bc390ce5c34442  x86_64/10.1/RPMS/gaim-tcl-1.1.4-2.1.101mdk.x86_64.rpm
 038bb0b8edfa3eb9716e9bd08d24cd2c  x86_64/10.1/RPMS/lib64gaim-remote0-1.1.4-2.1.101mdk.x86_64.rpm
 149c20340da5935666152c83749ca8d0  x86_64/10.1/RPMS/lib64gaim-remote0-devel-1.1.4-2.1.101mdk.x86_64.rpm
 729dca43d227506fcf39e6b8583496fa  x86_64/10.1/SRPMS/gaim-1.1.4-2.1.101mdk.src.rpm

 Corporate 3.0:
 face699482ea9de9d93b42c5c8d5a384  corporate/3.0/RPMS/gaim-1.1.4-2.1.C30mdk.i586.rpm
 39a2f2e483c68fb3ca5714a0d27e14e9  corporate/3.0/RPMS/gaim-devel-1.1.4-2.1.C30mdk.i586.rpm
 a63a03508343e78353edbe99aca94ec9  corporate/3.0/RPMS/gaim-perl-1.1.4-2.1.C30mdk.i586.rpm
 3bbcff0593e85157d0e0bb02dfbfa90c  corporate/3.0/RPMS/gaim-tcl-1.1.4-2.1.C30mdk.i586.rpm
 87ac2f9b85cbaf9309c17ce0fbb9daf9  corporate/3.0/RPMS/libgaim-remote0-1.1.4-2.1.C30mdk.i586.rpm
 2352333d9dc21a41645b0f26ae47f6b3  corporate/3.0/RPMS/libgaim-remote0-devel-1.1.4-2.1.C30mdk.i586.rpm
 e9d4f10f138cdb3af653f3bb13319f62  corporate/3.0/SRPMS/gaim-1.1.4-2.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 fa834d8d43b2cde15f94da06d228c704  x86_64/corporate/3.0/RPMS/gaim-1.1.4-2.1.C30mdk.x86_64.rpm
 dd31e9bf2d7497ab5452df2c75194e1b  x86_64/corporate/3.0/RPMS/gaim-devel-1.1.4-2.1.C30mdk.x86_64.rpm
 8283718b4bc5a9fa51655b2affed2136  x86_64/corporate/3.0/RPMS/gaim-perl-1.1.4-2.1.C30mdk.x86_64.rpm
 11ecf0ed5491cf98f68d0a3224765e1e  x86_64/corporate/3.0/RPMS/gaim-tcl-1.1.4-2.1.C30mdk.x86_64.rpm
 3c10e0b33ec75788c0a4ac97e8057c58  x86_64/corporate/3.0/RPMS/lib64gaim-remote0-1.1.4-2.1.C30mdk.x86_64.rpm
 f1a2c0cf86d65ed2366d984bfe5104bc  x86_64/corporate/3.0/RPMS/lib64gaim-remote0-devel-1.1.4-2.1.C30mdk.x86_64.rpm
 e9d4f10f138cdb3af653f3bb13319f62  x86_64/corporate/3.0/SRPMS/gaim-1.1.4-2.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCKNGmmqjQ0CJFipgRAkkuAJ9JhXEDunqTrXkT0BARjvvrjHEMZwCgxI+w
3REK8OF4tdIuoEGrIsguS2k=
=N53O
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists