Date: Thu, 21 Apr 2005 16:52:15 -0400
From: Peachtree Linux Security Team <security@peachtree.burdell.org.>
To: [email protected]Subject: [PLSN-0002] - Multiple vulnerabilities in Gaim
Message-ID: <20050421205215.GA20803@kevlar.burdell.org.>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="SLDf9lqlvOQaIe6s"
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
X-Virus-Scanned: antivirus-gw at tyumen.ru
--SLDf9lqlvOQaIe6s
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0002
April 20, 2005
Multiple remote vulnerabilities in Gaim
CAN-2005-0965, CAN-2005-0966, CAN-2005-0967, CAN-2005-0208, CAN-2005-0473,
CAN-2005-0472
---------------------------------------------------------------------------
The following Peachtree Linux releases are affected:
Peachtree Linux release 1 ("Atlanta")
Description:
CAN-2005-0965: The gaim_markup_strip_html function in Gaim 1.2.0, and
possibly earlier versions, allows remote attackers to cause a denial of
service (application crash) via a string that contains malformed HTML,
which causes an out-of-bounds read.
CAN-2005-0966: The IRC protocol plugin in Gaim 1.2.0, and possibly
earlier versions, allows (1) remote attackers to inject arbitrary Gaim
markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2)
remote attackers to inject arbitrary Pango markup and pop up empty
dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause
a denial of service (application crash) by injecting certain Pango
markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown,
irc_msg_nochan functions.
CAN-2005-0967: Gaim 1.2.0 allows remote attackers to cause a denial
of service (application crash) via a malformed file transfer request
to a Jabber user, which leads to an out-of-bounds read.
CAN-2005-0208: The HTML parsing functions in Gaim before 1.1.4 allow
remote attackers to cause a denial of service (application crash) via
malformed HTML that causes "an invalid memory access," a different
vulnerability than CAN-2005-0473.
CAN-2005-0473: The HTML parsing functions in Gaim before 1.1.3 allow
remote attackers to cause a denial of service (application crash) via
malformed HTML that causes "an invalid memory access," a different
vulnerability than CAN-2005-0208.
CAN-2005-0472: Gaim before 1.1.3 allows remote attackers to cause a
denial of service (infinite loop) via malformed SNAC packets from (1)
AIM or (2) ICQ.
Packages:
Download the updated gaim package for your release of Peachtree Linux
and your host architecture. The main updates site is:
http://peachtree.burdell.org/updates/
Updated packages available for Peachtree Linux release 1 ("Atlanta"):
alpha
4aadbdb96b4ce84d636bebc9a91cca26 gaim-1.2.1.alpha.dist
i386
5b00656d3f2bf2ce224ef8df96361d32 gaim-1.2.1.i686.dist
ppc
5378ffd8f0b31d3bb3fa40cded1429b0 gaim-1.2.1.ppc.dist
Solution:
Download the appropriate package for your release of Peachtree Linux.
Upgrade your system to the new package:
distadd -u packagename
Where packagename is the name of the package file from the list above.
After installation of the new package, kill any running gaim processes
and reload the application.
--=20
Peachtree Linux Security Team
http://peachtree.burdell.org/
--SLDf9lqlvOQaIe6s
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCaBJ/nchtWYh7oqQRAllEAJ45NINcFMrfs5DtGq/1+svInQZaygCfTAe/
MAX+q8KDtTnLD1jHrDHzNeQ=
=iuMX
-----END PGP SIGNATURE-----
--SLDf9lqlvOQaIe6s--
