From: Mandrakelinux Security Team <security@linux-mandrake.com.>
To: [email protected]
Subject: MDKSA-2005:049 - Updated gaim packages fix multiple vulnerabilities
Message-Id: <E1D7KFy-0008WV-70@updates.mandrakesoft.com.>
Date: Fri, 04 Mar 2005 14:22:46 -0700
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: gaim
Advisory ID: MDKSA-2005:049
Date: March 4th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0
______________________________________________________________________
Problem Description:
Gaim versions prior to version 1.1.4 suffer from a few security issues,
such as the HTML parser not sufficiently validating its input. This
allowed a remote attacker to crash the Gaim client by sending certain
malformed HTML messages (CAN-2005-0208 and CAN-2005-0473).
Insufficient input validation was also discovered in the "Oscar"
protocol handler, used for ICQ and AIM. By sending specially crafted
packets, remote users could trigger an infinite loop in Gaim, causing
it to become unresponsive and hang (CAN-2005-0472).
Gaim 1.1.4 is provided and fixes these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0473
http://gaim.sourceforge.net/security/index.php?id=10
http://gaim.sourceforge.net/security/index.php?id=11
http://gaim.sourceforge.net/security/index.php?id=12
______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCKNGmmqjQ0CJFipgRAkkuAJ9JhXEDunqTrXkT0BARjvvrjHEMZwCgxI+w
3REK8OF4tdIuoEGrIsguS2k=
=N53O
-----END PGP SIGNATURE-----