From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]
Subject: MDKSA-2005:071 - Updated gaim packages fix multiple vulnerabilities
Message-Id: <E1DLu9Q-0000WR-Lp@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Wed, 13 Apr 2005 20:32:16 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: gaim
Advisory ID: MDKSA-2005:071
Date: April 13th, 2005
Affected versions: 10.1, Corporate 3.0
______________________________________________________________________
Problem Description:

More vulnerabilities have been discovered in the gaim instant messaging
client:

A buffer overflow vulnerability was found in the way that gaim escapes
HTML, allowing a remote attacker to send a specially crafted message
to a gaim client and cause it to crash (CAN-2005-0965).

A bug was discovered in several of gaim's IRC processing functions
that fail to properly remove various markup tags within an IRC message.
This could allow a remote attacker to send a specially crafted message to
a gaim client connected to an IRC server, causing it to crash
(CAN-2005-0966).

Finally, a problem was found in gaim's Jabber message parser that would
allow a remote Jabber user to send a specially crafted message to a
gaim client, causing it to crash (CAN-2005-0967).

Gaim version 1.2.1 is not vulnerable to these issues and is provided
with this update.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0967
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
f0c9f84d95541ffba3baf9e24d85e87a 10.1/RPMS/gaim-1.2.1-0.1.101mdk.i586.rpm
75941740b8e5db4603816d3ea73cfddf 10.1/RPMS/gaim-devel-1.2.1-0.1.101mdk.i586.rpm
334adccd0d97f287a0282f236311c495 10.1/RPMS/gaim-gevolution-1.2.1-0.1.101mdk.i586.rpm
7c8c86d36881bca9f539c7c8dfc543cc 10.1/RPMS/gaim-perl-1.2.1-0.1.101mdk.i586.rpm
361e053e145405c5cf95c9fadafa21b1 10.1/RPMS/gaim-tcl-1.2.1-0.1.101mdk.i586.rpm
dc4c479784bda506fc895441028b2985 10.1/RPMS/libgaim-remote0-1.2.1-0.1.101mdk.i586.rpm
342d279dbb9a076a03c596d6c1729d77 10.1/RPMS/libgaim-remote0-devel-1.2.1-0.1.101mdk.i586.rpm
6de0f7edf8c55a755c4b64809e1a246f 10.1/SRPMS/gaim-1.2.1-0.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
c51c050ac997d33f37cff42f1ddd8ee3 x86_64/10.1/RPMS/gaim-1.2.1-0.1.101mdk.x86_64.rpm
ce76925c9ea35890fe06c2266f87f1a4 x86_64/10.1/RPMS/gaim-devel-1.2.1-0.1.101mdk.x86_64.rpm
f862609115d62357ee65409e3accb9a0 x86_64/10.1/RPMS/gaim-gevolution-1.2.1-0.1.101mdk.x86_64.rpm
f53dee67ae2ddfa5a46b8eccd7e8ffc8 x86_64/10.1/RPMS/gaim-perl-1.2.1-0.1.101mdk.x86_64.rpm
705b7a40f55d4c2c71f69b6d074cb879 x86_64/10.1/RPMS/gaim-tcl-1.2.1-0.1.101mdk.x86_64.rpm
18330f6a2b207cad6d8456c724ea9a1f x86_64/10.1/RPMS/lib64gaim-remote0-1.2.1-0.1.101mdk.x86_64.rpm
e05d76f087b39d233ba73eedcc3e7063 x86_64/10.1/RPMS/lib64gaim-remote0-devel-1.2.1-0.1.101mdk.x86_64.rpm
6de0f7edf8c55a755c4b64809e1a246f x86_64/10.1/SRPMS/gaim-1.2.1-0.1.101mdk.src.rpm
Corporate 3.0:
02619cb85a0a8846294c8ecdc2697231 corporate/3.0/RPMS/gaim-1.2.1-0.1.C30mdk.i586.rpm
0686d195bd0e1a69c9fd8e2952d6e31e corporate/3.0/RPMS/gaim-devel-1.2.1-0.1.C30mdk.i586.rpm
1057d2753906d97367b596be55694546 corporate/3.0/RPMS/gaim-perl-1.2.1-0.1.C30mdk.i586.rpm
d69fc3be71d44677023d4902af8081a4 corporate/3.0/RPMS/gaim-tcl-1.2.1-0.1.C30mdk.i586.rpm
a3d62bec1d30efef4cde7ae80cc6f3b1 corporate/3.0/RPMS/libgaim-remote0-1.2.1-0.1.C30mdk.i586.rpm
ae7cec269ef28eb3664ad6941ff02e88 corporate/3.0/RPMS/libgaim-remote0-devel-1.2.1-0.1.C30mdk.i586.rpm
9ca50a9a0a46f5e616f9dd3f00e7dc52 corporate/3.0/SRPMS/gaim-1.2.1-0.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
5e69467d59933b94614a9567e50f22dc x86_64/corporate/3.0/RPMS/gaim-1.2.1-0.1.C30mdk.x86_64.rpm
00f868d0fce79a2557bcc7cc6f9a04f2 x86_64/corporate/3.0/RPMS/gaim-devel-1.2.1-0.1.C30mdk.x86_64.rpm
703d5bca6aea8fa580500a19096ef8e5 x86_64/corporate/3.0/RPMS/gaim-perl-1.2.1-0.1.C30mdk.x86_64.rpm
f76af359b96e10c8707b14f110031491 x86_64/corporate/3.0/RPMS/gaim-tcl-1.2.1-0.1.C30mdk.x86_64.rpm
760124434b0c5b6e8420dc1e13c3533f x86_64/corporate/3.0/RPMS/lib64gaim-remote0-1.2.1-0.1.C30mdk.x86_64.rpm
f53b90f50d2934bc070ca6ebb1a9324e x86_64/corporate/3.0/RPMS/lib64gaim-remote0-devel-1.2.1-0.1.C30mdk.x86_64.rpm
9ca50a9a0a46f5e616f9dd3f00e7dc52 x86_64/corporate/3.0/SRPMS/gaim-1.2.1-0.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCXdYwmqjQ0CJFipgRAiuIAJ0cS6yu54U+jEevRA4vmFEGYTdk4gCghOdV
QVG5/7iUy+TBjcEvfVHEaek=
=+qyw
-----END PGP SIGNATURE-----
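
The MD5 check that the advisory says MandrakeUpdate and urpmi perform automatically can be reproduced by hand for packages fetched some other way. This added example, which is not part of the original advisory or of Mandriva's tooling, parses entries in the "Updated Packages" format and compares them with the RPMs in a directory; the function names and the stand-in files in `demo()` are assumptions constructed for the demonstration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One "Updated Packages" entry: 32 hex digits, whitespace, path ending in .rpm
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$", re.IGNORECASE)

def parse_advisory(text):
    """Map RPM file name -> set of MD5 digests the advisory lists for it."""
    listed = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            name = m.group(2).rsplit("/", 1)[-1]
            listed.setdefault(name, set()).add(m.group(1).lower())
    return listed

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(advisory_text, directory):
    """Return {name: 'ok' | 'MISMATCH' | 'not listed'} for each *.rpm found."""
    listed = parse_advisory(advisory_text)
    result = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        if rpm.name not in listed:
            result[rpm.name] = "not listed"
        else:
            result[rpm.name] = "ok" if md5_of(rpm) in listed[rpm.name] else "MISMATCH"
    return result

def demo():
    """Constructed sample: stand-in files and digests, not real packages."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "pkg-a-1.0.rpm").write_bytes(b"constructed payload A")
        Path(d, "pkg-b-1.0.rpm").write_bytes(b"payload B, altered in transit")
        Path(d, "pkg-c-1.0.rpm").write_bytes(b"constructed payload C")
        advisory = (
            "Updated Packages:\n Example 1.0:\n"
            f" {hashlib.md5(b'constructed payload A').hexdigest()} 1.0/RPMS/pkg-a-1.0.rpm\n"
            f" {hashlib.md5(b'constructed payload B').hexdigest()} 1.0/RPMS/pkg-b-1.0.rpm\n"
        )
        return check_downloads(advisory, d)
print(demo())
```

A matching MD5 only shows that the file is the one the advisory lists; the GPG signature on the package is what authenticates it, so check the signature as well.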