Message-ID: <E1D7KFy-0008WV-70@updates.mandrakesoft.com>
Date: Fri, 04 Mar 2005 14:22:46 -0700
From: Mandrakelinux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:049 - Updated gaim packages fix multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

                Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name:           gaim
Advisory ID:            MDKSA-2005:049
Date:                   March 4th, 2005

Affected versions:      10.0, 10.1, Corporate 3.0
______________________________________________________________________

Problem Description:

Gaim versions prior to version 1.1.4 suffer from a few security issues
such as the HTML parser not sufficiently validating its input. This
allowed a remote attacker to crash the Gaim client by sending certain
malformed HTML messages (CAN-2005-0208 and CAN-2005-0473).

As well, insufficient input validation was also discovered in the
"Oscar" protocol handler, used for ICQ and AIM. By sending specially
crafted packets, remote users could trigger an infinite loop in Gaim
causing it to become unresponsive and hang (CAN-2005-0472).

Gaim 1.1.4 is provided and fixes these issues.
_______________________________________________________________________

References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0208
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0472
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0473
  http://gaim.sourceforge.net/security/index.php?id=10
  http://gaim.sourceforge.net/security/index.php?id=11
  http://gaim.sourceforge.net/security/index.php?id=12
______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCKNGmmqjQ0CJFipgRAkkuAJ9JhXEDunqTrXkT0BARjvvrjHEMZwCgxI+w
3REK8OF4tdIuoEGrIsguS2k=
=N53O
-----END PGP SIGNATURE-----