[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050610065430.GA5598@piware.de>
Date: Fri, 10 Jun 2005 08:54:30 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-139-1] Gaim vulnerability
===========================================================
Ubuntu Security Notice USN-139-1 June 10, 2005
gaim vulnerability
CAN-2005-1269
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
gaim
The problem can be corrected by upgrading the affected package to
version 1:1.0.0-1ubuntu1.5 (for Ubuntu 4.10) and 1:1.1.4-1ubuntu4.2
(for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
A remote Denial of Service vulnerability was discovered in Gaim. By
initiating a file transfer with a file name containing certain
international characters (like an accented "a"), a remote attacker
could crash the Gaim client of an arbitrary Yahoo IM member.
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.5.diff.gz
Size/MD5: 47643 dae420c8c466ef187f9157cca2644eec
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.5.dsc
Size/MD5: 853 47fdb16c0a0e882036108edd8a2f03e7
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz
Size/MD5: 6985979 7dde686aace751a49dce734fd0cb7ace
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.5_amd64.deb
Size/MD5: 3444822 5ef2a8e1516059da8e7d2f76df0bdaeb
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.5_i386.deb
Size/MD5: 3355122 243f3280dbe47787fa3f7d52f4a92f22
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.5_powerpc.deb
Size/MD5: 3418440 92f51377d4697f86dbc3babb9e09f62f
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.2.diff.gz
Size/MD5: 107381 e824b45c92bb542fa8718aea91373821
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.2.dsc
Size/MD5: 991 0f10bb82a3d164e646c8c2e83c671545
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4.orig.tar.gz
Size/MD5: 5188552 b55bf3217b271918384f3f015a6e5b62
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.1.4-1ubuntu4.2_all.deb
Size/MD5: 603616 decd1eb5ccee08a36a563693d11e058b
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.2_amd64.deb
Size/MD5: 101628 1a329b4b2983721dc9eac369149699b6
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.2_amd64.deb
Size/MD5: 934132 b1a096fa77f086863ea918e1e71af883
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.2_i386.deb
Size/MD5: 101616 7883d1e21d5f89c728926532a259565d
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.2_i386.deb
Size/MD5: 845452 684351d1487e8d83df77a196ab146e8e
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.2_powerpc.deb
Size/MD5: 101626 06cf77c8a05c61c563bbf1e5b224d133
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.2_powerpc.deb
Size/MD5: 910300 47df8e404e6fa3c72a38bc18345f69ce
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists