[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1DWFYg-0002ng-TZ@mercury.mandriva.com>
Date: Thu, 12 May 2005 09:25:06 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:086 - Updated gaim packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: gaim
Advisory ID: MDKSA-2005:086
Date: May 12th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
More vulnerabilities have been found in the gaim instant messaging
client. A stack-based buffer overflow bug was found in how gaim
processes a message containing a URL; a remote attacker could send a
carefully crafted message to cause the execution of arbitrary code on
the user's machine (CAN-2005-1261).
Another bug was found in how gaim handles malformed MSN messages; an
attacker could send a carefully crafted MSN message that would cause
gaim to crash (CAN-2005-1262).
Gaim version 1.3.0 fixes these issues and is provided with this
update.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1262
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
ed8172ba325d95f291a297903af41be0 10.1/RPMS/gaim-1.3.0-0.1.101mdk.i586.rpm
ad2fcbcb8f0c1034c4d4ec1c9544b4c0 10.1/RPMS/gaim-devel-1.3.0-0.1.101mdk.i586.rpm
21102fd5e78228809becd7ddf24351ba 10.1/RPMS/gaim-gevolution-1.3.0-0.1.101mdk.i586.rpm
837a724dd6917f305beb0423713fd8ac 10.1/RPMS/gaim-perl-1.3.0-0.1.101mdk.i586.rpm
5b3ca4cd6306963fb3e1b14c63df2244 10.1/RPMS/gaim-tcl-1.3.0-0.1.101mdk.i586.rpm
199a0196f394b00efee48482f309936e 10.1/RPMS/libgaim-remote0-1.3.0-0.1.101mdk.i586.rpm
d5518ced2d7c76b4526fd68779693207 10.1/RPMS/libgaim-remote0-devel-1.3.0-0.1.101mdk.i586.rpm
44820576063dd74fb9c28b4a5699e36a 10.1/SRPMS/gaim-1.3.0-0.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
4e2c86767236f1b8eeb188551bb27314 x86_64/10.1/RPMS/gaim-1.3.0-0.1.101mdk.x86_64.rpm
db62d40135b2a9848d3699424b556654 x86_64/10.1/RPMS/gaim-devel-1.3.0-0.1.101mdk.x86_64.rpm
3a0f91257813a81a7ec0456a220357c1 x86_64/10.1/RPMS/gaim-gevolution-1.3.0-0.1.101mdk.x86_64.rpm
38dd8f72ca74d9080a8e289bb186c92a x86_64/10.1/RPMS/gaim-perl-1.3.0-0.1.101mdk.x86_64.rpm
13359f709541ea9654312f75339c321b x86_64/10.1/RPMS/gaim-tcl-1.3.0-0.1.101mdk.x86_64.rpm
8542aca1513904f4c0a87c3f0fe543c5 x86_64/10.1/RPMS/lib64gaim-remote0-1.3.0-0.1.101mdk.x86_64.rpm
171e1625bd227112e50659b0648d8173 x86_64/10.1/RPMS/lib64gaim-remote0-devel-1.3.0-0.1.101mdk.x86_64.rpm
44820576063dd74fb9c28b4a5699e36a x86_64/10.1/SRPMS/gaim-1.3.0-0.1.101mdk.src.rpm
Mandrakelinux 10.2:
dae4fba008457633fe9f687285e43a34 10.2/RPMS/gaim-1.3.0-0.1.102mdk.i586.rpm
e79df04c807ee82e92ae8b1bd1c19f17 10.2/RPMS/gaim-devel-1.3.0-0.1.102mdk.i586.rpm
25bd9d7af41c8bbf6761b58465d89ee4 10.2/RPMS/gaim-gevolution-1.3.0-0.1.102mdk.i586.rpm
c8140054eb2228eb8a8aeade572ceae9 10.2/RPMS/gaim-perl-1.3.0-0.1.102mdk.i586.rpm
071ec72d9640dab11e58b9fd5eb196b2 10.2/RPMS/gaim-silc-1.3.0-0.1.102mdk.i586.rpm
f89cb44704cc525ab5f483737ea3ca45 10.2/RPMS/gaim-tcl-1.3.0-0.1.102mdk.i586.rpm
8b93abaa4953aeba755d2498c91bfdb4 10.2/RPMS/libgaim-remote0-1.3.0-0.1.102mdk.i586.rpm
a44d9d2bd48fc0886938db762b111b9d 10.2/RPMS/libgaim-remote0-devel-1.3.0-0.1.102mdk.i586.rpm
199e401eab3fd4bc5a9c19eb9b42c84e 10.2/SRPMS/gaim-1.3.0-0.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
e540621ec7ed8160e8a69f4c8e751c60 x86_64/10.2/RPMS/gaim-1.3.0-0.1.102mdk.x86_64.rpm
2a1491f4d49e424a389232f527567504 x86_64/10.2/RPMS/gaim-devel-1.3.0-0.1.102mdk.x86_64.rpm
d77f3c6453a0648c8561017b8eadf259 x86_64/10.2/RPMS/gaim-gevolution-1.3.0-0.1.102mdk.x86_64.rpm
53bb111a57f40c1b883978453c7e2301 x86_64/10.2/RPMS/gaim-perl-1.3.0-0.1.102mdk.x86_64.rpm
d69ede9ff9e8f64e34bd6a408e062e96 x86_64/10.2/RPMS/gaim-silc-1.3.0-0.1.102mdk.x86_64.rpm
4bc25f5496bac981116ede53777690fe x86_64/10.2/RPMS/gaim-tcl-1.3.0-0.1.102mdk.x86_64.rpm
1df0f36a11d9e0ae880e2e2a9196291b x86_64/10.2/RPMS/lib64gaim-remote0-1.3.0-0.1.102mdk.x86_64.rpm
3232b0c2b7becfc489da906c619fef5a x86_64/10.2/RPMS/lib64gaim-remote0-devel-1.3.0-0.1.102mdk.x86_64.rpm
199e401eab3fd4bc5a9c19eb9b42c84e x86_64/10.2/SRPMS/gaim-1.3.0-0.1.102mdk.src.rpm
Corporate 3.0:
e149a73b4459e4910211c6164119d408 corporate/3.0/RPMS/gaim-1.3.0-0.1.C30mdk.i586.rpm
556d49ec86c6d89d50ed5ab6b7077618 corporate/3.0/RPMS/gaim-devel-1.3.0-0.1.C30mdk.i586.rpm
0c9b562338fd7d15057ce66af6c0e916 corporate/3.0/RPMS/gaim-perl-1.3.0-0.1.C30mdk.i586.rpm
893a7bc983c2502b089b0b28ebc68573 corporate/3.0/RPMS/gaim-tcl-1.3.0-0.1.C30mdk.i586.rpm
e0ca61a235d914865c52a01b24d53cc6 corporate/3.0/RPMS/libgaim-remote0-1.3.0-0.1.C30mdk.i586.rpm
643fc0e061166293c841faa09beb0dc6 corporate/3.0/RPMS/libgaim-remote0-devel-1.3.0-0.1.C30mdk.i586.rpm
050ba22fc5a9834d611cc671fd23e897 corporate/3.0/SRPMS/gaim-1.3.0-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
7fd8169fd5f4b6b0b2ed0609a820ae09 x86_64/corporate/3.0/RPMS/gaim-1.3.0-0.1.C30mdk.x86_64.rpm
f4a248008e042fe09d11853ef385cbbf x86_64/corporate/3.0/RPMS/gaim-devel-1.3.0-0.1.C30mdk.x86_64.rpm
68d12ef13d3419cf0358ca51b15b48ff x86_64/corporate/3.0/RPMS/gaim-perl-1.3.0-0.1.C30mdk.x86_64.rpm
75207cb70b1388e1ef6d5aa5c8a47b33 x86_64/corporate/3.0/RPMS/gaim-tcl-1.3.0-0.1.C30mdk.x86_64.rpm
9b76928971f8f5adac79c2e68e1a0793 x86_64/corporate/3.0/RPMS/lib64gaim-remote0-1.3.0-0.1.C30mdk.x86_64.rpm
e7b767077d1ebba151fbd932c11746c7 x86_64/corporate/3.0/RPMS/lib64gaim-remote0-devel-1.3.0-0.1.C30mdk.x86_64.rpm
050ba22fc5a9834d611cc671fd23e897 x86_64/corporate/3.0/SRPMS/gaim-1.3.0-0.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCg3VSmqjQ0CJFipgRAkjPAKCWLOG4H9jcph6x39b8Xrh/IKxT0ACdG1AT
BIi6b69OC/MGJ3XVhQTDEmk=
=Mt9w
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists