lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1DLu9Q-0000Wa-OE@mercury.mandriva.com>
Date: Thu Apr 14 10:19:27 2005
From: security at mandriva.com (Mandriva Security Team)
Subject: MDKSA-2005:071 - Updated gaim packages fix
	multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           gaim
 Advisory ID:            MDKSA-2005:071
 Date:                   April 13th, 2005

 Affected versions:	 10.1, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 More vulnerabilities have been discovered in the gaim instant messaging
 client:
 
 A buffer overflow vulnerability was found in the way that gaim escapes
 HTML, allowing a remote attacker to send a specially crafted message
 to a gaim client and causing it to crash (CAN-2005-0965).
 
 A bug was discovered in several of gaim's IRC processing functions
 that fail to properly remove various markup tags within an IRC message.
 This could allow a remote attacker to send specially crafted message to
 a gaim client connected to an IRC server, causing it to crash
 (CAN-2005-0966).
 
 Finally, a problem was found in gaim's Jabber message parser that would
 allow a remote Jabber user to send a specially crafted message to a
 gaim client, bausing it to crash (CAN-2005-0967).
 
 Gaim version 1.2.1 is not vulnerable to these issues and is provided
 with this update.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0965
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0966
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0967
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 f0c9f84d95541ffba3baf9e24d85e87a  10.1/RPMS/gaim-1.2.1-0.1.101mdk.i586.rpm
 75941740b8e5db4603816d3ea73cfddf  10.1/RPMS/gaim-devel-1.2.1-0.1.101mdk.i586.rpm
 334adccd0d97f287a0282f236311c495  10.1/RPMS/gaim-gevolution-1.2.1-0.1.101mdk.i586.rpm
 7c8c86d36881bca9f539c7c8dfc543cc  10.1/RPMS/gaim-perl-1.2.1-0.1.101mdk.i586.rpm
 361e053e145405c5cf95c9fadafa21b1  10.1/RPMS/gaim-tcl-1.2.1-0.1.101mdk.i586.rpm
 dc4c479784bda506fc895441028b2985  10.1/RPMS/libgaim-remote0-1.2.1-0.1.101mdk.i586.rpm
 342d279dbb9a076a03c596d6c1729d77  10.1/RPMS/libgaim-remote0-devel-1.2.1-0.1.101mdk.i586.rpm
 6de0f7edf8c55a755c4b64809e1a246f  10.1/SRPMS/gaim-1.2.1-0.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 c51c050ac997d33f37cff42f1ddd8ee3  x86_64/10.1/RPMS/gaim-1.2.1-0.1.101mdk.x86_64.rpm
 ce76925c9ea35890fe06c2266f87f1a4  x86_64/10.1/RPMS/gaim-devel-1.2.1-0.1.101mdk.x86_64.rpm
 f862609115d62357ee65409e3accb9a0  x86_64/10.1/RPMS/gaim-gevolution-1.2.1-0.1.101mdk.x86_64.rpm
 f53dee67ae2ddfa5a46b8eccd7e8ffc8  x86_64/10.1/RPMS/gaim-perl-1.2.1-0.1.101mdk.x86_64.rpm
 705b7a40f55d4c2c71f69b6d074cb879  x86_64/10.1/RPMS/gaim-tcl-1.2.1-0.1.101mdk.x86_64.rpm
 18330f6a2b207cad6d8456c724ea9a1f  x86_64/10.1/RPMS/lib64gaim-remote0-1.2.1-0.1.101mdk.x86_64.rpm
 e05d76f087b39d233ba73eedcc3e7063  x86_64/10.1/RPMS/lib64gaim-remote0-devel-1.2.1-0.1.101mdk.x86_64.rpm
 6de0f7edf8c55a755c4b64809e1a246f  x86_64/10.1/SRPMS/gaim-1.2.1-0.1.101mdk.src.rpm

 Corporate 3.0:
 02619cb85a0a8846294c8ecdc2697231  corporate/3.0/RPMS/gaim-1.2.1-0.1.C30mdk.i586.rpm
 0686d195bd0e1a69c9fd8e2952d6e31e  corporate/3.0/RPMS/gaim-devel-1.2.1-0.1.C30mdk.i586.rpm
 1057d2753906d97367b596be55694546  corporate/3.0/RPMS/gaim-perl-1.2.1-0.1.C30mdk.i586.rpm
 d69fc3be71d44677023d4902af8081a4  corporate/3.0/RPMS/gaim-tcl-1.2.1-0.1.C30mdk.i586.rpm
 a3d62bec1d30efef4cde7ae80cc6f3b1  corporate/3.0/RPMS/libgaim-remote0-1.2.1-0.1.C30mdk.i586.rpm
 ae7cec269ef28eb3664ad6941ff02e88  corporate/3.0/RPMS/libgaim-remote0-devel-1.2.1-0.1.C30mdk.i586.rpm
 9ca50a9a0a46f5e616f9dd3f00e7dc52  corporate/3.0/SRPMS/gaim-1.2.1-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 5e69467d59933b94614a9567e50f22dc  x86_64/corporate/3.0/RPMS/gaim-1.2.1-0.1.C30mdk.x86_64.rpm
 00f868d0fce79a2557bcc7cc6f9a04f2  x86_64/corporate/3.0/RPMS/gaim-devel-1.2.1-0.1.C30mdk.x86_64.rpm
 703d5bca6aea8fa580500a19096ef8e5  x86_64/corporate/3.0/RPMS/gaim-perl-1.2.1-0.1.C30mdk.x86_64.rpm
 f76af359b96e10c8707b14f110031491  x86_64/corporate/3.0/RPMS/gaim-tcl-1.2.1-0.1.C30mdk.x86_64.rpm
 760124434b0c5b6e8420dc1e13c3533f  x86_64/corporate/3.0/RPMS/lib64gaim-remote0-1.2.1-0.1.C30mdk.x86_64.rpm
 f53b90f50d2934bc070ca6ebb1a9324e  x86_64/corporate/3.0/RPMS/lib64gaim-remote0-devel-1.2.1-0.1.C30mdk.x86_64.rpm
 9ca50a9a0a46f5e616f9dd3f00e7dc52  x86_64/corporate/3.0/SRPMS/gaim-1.2.1-0.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCXdYwmqjQ0CJFipgRAiuIAJ0cS6yu54U+jEevRA4vmFEGYTdk4gCghOdV
QVG5/7iUy+TBjcEvfVHEaek=
=+qyw
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ