lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <m1DQiJ7-000omXC@finlandia.Infodrom.North.DE>
Date: Wed Apr 27 09:57:28 2005
From: joey at infodrom.org (Martin Schulze)
Subject: [SECURITY] [DSA 716-1] New gaim packages fix
	denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 716-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
April 27th, 2005                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gaim
Vulnerability  : denial of service
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-0472

It has been discovered that certain malformed SNAC packets sent by
other AIM or ICQ users can trigger an infinite loop in Gaim, a
multi-protocol instant messaging client, and hence lead to a denial of
service of the client.

Two more denial of service conditions have been discovered in newer
versions of Gaim which are fixed in the package in sid but are not
present in the package in woody.

For the stable distribution (woody) this problem has been fixed in
version 0.58-2.5.

For the unstable distribution (sid) these problems have been fixed in
version 1.1.3-1.

We recommend that you upgrade your gaim packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5.dsc
      Size/MD5 checksum:      681 e985a045131d5ad43c2192533d581d49
    http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5.diff.gz
      Size/MD5 checksum:    23078 688d4d51bd00e863c4c911f539708f0d
    http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58.orig.tar.gz
      Size/MD5 checksum:  1928057 644df289daeca5f9dd3983d65c8b2407

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_alpha.deb
      Size/MD5 checksum:   480588 297fed5e44fab4f49c3c103159ee3dc4
    http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_alpha.deb
      Size/MD5 checksum:   674918 1a59dbf94b98f25c18eaeee28aab5910
    http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_alpha.deb
      Size/MD5 checksum:   501450 bbe7cdac070bed0937596df34052c555

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_arm.deb
      Size/MD5 checksum:   401938 1f9588d2015c20477f35f59de2e67190
    http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_arm.deb
      Size/MD5 checksum:   615258 6a1d88825004fb405881674236b5f34b
    http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_arm.deb
      Size/MD5 checksum:   422646 eab79e46b080475268510509635388b2

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_i386.deb
      Size/MD5 checksum:   389530 e4b3815727835a3ab112fb109a328021
    http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_i386.deb
      Size/MD5 checksum:   605678 619283e7b98add8bf725beb71a3de75b
    http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_i386.deb
      Size/MD5 checksum:   409274 c81aa5abd01455d0b082c6503e5abb32

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_ia64.deb
      Size/MD5 checksum:   557214 f57cd6a3c35d2d7042690e5584d3c49c
    http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_ia64.deb
      Size/MD5 checksum:   765410 33b7051caea6919c87519bc9c570ef69
    http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_ia64.deb
      Size/MD5 checksum:   570064 2a9d5dbdd9b1bc7470d3a7a12cf3b453

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_hppa.deb
      Size/MD5 checksum:   459698 74a1621f52f73e436aeffc82e1c528a5
    http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_hppa.deb
      Size/MD5 checksum:   691344 06a88c54e725114cb0818b50dce65fd5
    http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_hppa.deb
      Size/MD5 checksum:   481568 5aaf2370d855711ae2d2916c13831f0b

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_m68k.deb
      Size/MD5 checksum:   370690 627841728dabb3c6e83e60c8001a0ac4
    http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_m68k.deb
      Size/MD5 checksum:   622818 e4205658f157914fc5cea27c7248a71d
    http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_m68k.deb
      Size/MD5 checksum:   392316 8ee4f81a43e8b9ae123adadba2eed04c

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_mips.deb
      Size/MD5 checksum:   406618 354027157ccc8439f28f3d05198cce12
    http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_mips.deb
      Size/MD5 checksum:   615058 36c64cdcac52153d504eb7e246560510
    http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_mips.deb
      Size/MD5 checksum:   427314 7f59f09c347ed39a12fad8408c40fab3

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_mipsel.deb
      Size/MD5 checksum:   397210 f690bab2d77b7f5bc5c207ab8799a7ae
    http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_mipsel.deb
      Size/MD5 checksum:   607548 a62777c3ba8590660821edb1f46947ee
    http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_mipsel.deb
      Size/MD5 checksum:   416922 31b725e25888062257b1d9a212450a0e

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_powerpc.deb
      Size/MD5 checksum:   413722 b499efefdd53e1e1f99c82fe4345d740
    http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_powerpc.deb
      Size/MD5 checksum:   643070 e6a50e343c77e80e72c26570e4086452
    http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_powerpc.deb
      Size/MD5 checksum:   434530 be29354736f00ed85d5aa36d0bb86330

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_s390.deb
      Size/MD5 checksum:   399718 1328ff0fecf64d0a8db50bcbf6a4307d
    http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_s390.deb
      Size/MD5 checksum:   644284 c668b1de2ad8c707c5f8ad2de456bf9c
    http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_s390.deb
      Size/MD5 checksum:   422222 14e4654f7df7c22fb6e8240908c7836c

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_sparc.deb
      Size/MD5 checksum:   409866 7d8a00f61567dea550246ba36ee8f350
    http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_sparc.deb
      Size/MD5 checksum:   654072 aca9f7da61fa3f05e5394844fd1cc0ba
    http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_sparc.deb
      Size/MD5 checksum:   428798 d4eb82d10dfcaee16df40d3c4547e809


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCb1MxW5ql+IAeqTIRAuyDAKCLgLcvQQL/yHUrPyfnN4NA+l1xigCfRGK7
sXTZIJCQn4+aJhY27nCPr7Y=
=muNJ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ