lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 12 May 2005 18:41:57 +0200
From: Martin Pitt <>
Subject: [USN-125-1] Gaim vulnerabilities

Ubuntu Security Notice USN-125-1	       May 12, 2005
gaim vulnerabilities
CAN-2005-0967, CAN-2005-1261, CAN-2005-1261

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to
version 1:1.0.0-1ubuntu1.4 (for Ubuntu 4.10), or 1:1.1.4-1ubuntu4.1
(for Ubuntu 5.04). After a standard system upgrade you have to restart
Gaim to effect the necessary changes.

Details follow:

Marco Alvarez found a Denial of Service vulnerability in the Jabber
protocol handler. A remote attacker could exploit this to crash Gaim
by sending specially crafted file transfers to the user.

Stu Tomlinson discovered an insufficient bounds checking flaw in the
URL parser. By sending a message containing a very long URL, a remote
attacker could crash Gaim or execute arbitrary code with the
privileges of the user. This was not possible on all protocols, due to
message length restrictions. Jabber are SILC were known to be
vulnerable. (CAN-2005-1261)

Siebe Tolsma discovered a Denial of Service attack in the MSN handler.
By sending a specially crafted SLP message with an empty body, a
remote attacker could crash Gaim. (CAN-2005-1262)

Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:
      Size/MD5:    46992 d36bd86fc86d0e1ed7cff852f262b3bd
      Size/MD5:      853 6a263a078b6fbf53822e59f466a8aae2
      Size/MD5:  6985979 7dde686aace751a49dce734fd0cb7ace

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:  3444626 df8476ccc632e61dc8b7adc8567d3d46

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:  3354914 5dbdc651c4ec1bea08e2bc5061c80522

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:  3418282 8f3a48a0148143b4bb3c0d700417422f

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:
      Size/MD5:   106708 245a83a77b4ad58e3c9316f40b566cb2
      Size/MD5:      991 b125a9154cf19e7d7947acb8418be0b5
      Size/MD5:  5188552 b55bf3217b271918384f3f015a6e5b62

  Architecture independent packages:
      Size/MD5:   603526 7f96838ec2b78882660115c39823aebe

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   101620 b2e42f7a640536c1165b43e7002f4fa6
      Size/MD5:   934090 ce17f19071a91c6af0ef361dd90f4bc8

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   101620 616d89e2302ce0ee0f8d9493a24a1988
      Size/MD5:   845470 e28a7383e86bf572dad84928b0b25624

  ia64 architecture (Intel Itanium)
      Size/MD5:   101634 601109a3df9d10f1bf9e5bbef48c06ae
      Size/MD5:  1258622 fa30fc5985afe77a04dbdcbc4d977202

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   101648 525baf5b4ab9ff70172864b3d5a48a05
      Size/MD5:   910280 a651ab439ffc1bcb15f42b7a4a804f07

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists