lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed Jun 15 14:35:04 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-140-1] Gaim vulnerability

===========================================================
Ubuntu Security Notice USN-140-1	      June 15, 2005
gaim vulnerability
CAN-2005-1934
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

gaim

The problem can be corrected by upgrading the affected package to
version 1:1.0.0-1ubuntu1.6 (for Ubuntu 4.10), or 1:1.1.4-1ubuntu4.3
(for Ubuntu 5.04).  After doing a standard system upgrade you need to
restart Gaim to effect the necessary changes.

Details follow:

A remote Denial of Service vulnerability was discovered in Gaim. A
remote attacker could crash the Gaim client of an MSN user by sending
a specially crafted MSN package which states an invalid body length in
the header.

Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6.diff.gz
      Size/MD5:    48444 468f68e015435db9a0f7113808c57e58
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6.dsc
      Size/MD5:      853 622bcdbdc5066a6596a42ea4ab8f7e22
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz
      Size/MD5:  6985979 7dde686aace751a49dce734fd0cb7ace

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6_amd64.deb
      Size/MD5:  3444948 cae0518c1f2fa14f4e838dd46376fde4

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6_i386.deb
      Size/MD5:  3355296 bf14bf90ac7a3bebae7891d8142c3a0e

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6_powerpc.deb
      Size/MD5:  3418564 5becbf0f173331db116136a19522698f

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3.diff.gz
      Size/MD5:   108334 e8ae93ed55c364fdef75d6afa2888bf1
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3.dsc
      Size/MD5:      991 4ca52b48cfccb93b4a8c3f3e712a5859
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4.orig.tar.gz
      Size/MD5:  5188552 b55bf3217b271918384f3f015a6e5b62

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.1.4-1ubuntu4.3_all.deb
      Size/MD5:   603678 37e36ea56bfd32754f540ae04a929903

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.3_amd64.deb
      Size/MD5:   101624 dd693d77a9fb58eed430e18d38bdb5e7
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3_amd64.deb
      Size/MD5:   934222 c3a8d7c1fcb1789363ad277acf0cb4c2

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.3_i386.deb
      Size/MD5:   101612 22e78fb3580dc128eeb6e3d2b7491436
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3_i386.deb
      Size/MD5:   845570 2baab76439b0274b26416cfa3eba3cac

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.3_powerpc.deb
      Size/MD5:   101642 722cbc574f4d128f9806430957828695
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3_powerpc.deb
      Size/MD5:   910476 ef04e16bf2d2dd7aac67bb58173199e0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050615/c41a3fd1/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ