lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20041027005322.GD17248@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-8-1] gaim vulnerabilities

===========================================================
Ubuntu Security Notice USN-8-1             October 27, 2004
gaim vulnerabilities
CAN-2004-0891
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

gaim

The problem can be corrected by upgrading the affected package to
version 1:1.0.0-1ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A buffer overflow and two remote crashes were recently discovered in
gaim's MSN protocol handler. An attacker could potentially execute
arbitrary code with the user's privileges by crafting and sending a
particular MSN message.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1.diff.gz
      Size/MD5:    40716 a1cd244a1d9197c9a4855706f857ede2
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1.dsc
      Size/MD5:      853 dbd5a82e0fa2c33df8fc26d636a2f9f1
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz
      Size/MD5:  6985979 7dde686aace751a49dce734fd0cb7ace

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1_amd64.deb
      Size/MD5:  3443672 0a2a22b071c0256a2d68d20b474fdddc

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1_i386.deb
      Size/MD5:  3353616 1b825ce8a2cbba5fa2171fa089f71112

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1_powerpc.deb
      Size/MD5:  3417684 bae36e86bcf49722af6497d55a2de5fc



This email and any files transmitted with it are intended for the named recipient only. The information contained in this message may be confidential, legally privileged or commercially sensitive. If you are not the intended recipient you must not reproduce or distribute any part of the email, disclose its contents to any other party, or take any action in reliance on it. If you have received this email in error, please contact the sender immediately by return email and delete this message from your computer.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041027/651c6c06/attachment-0001.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ