The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-781-2] Gaim vulnerabilities


<< Previous INDEX Search src / Print Next >>
Subject: [USN-781-2] Gaim vulnerabilities
From: Marc Deslauriers <marc.deslauriers@canonical.com.>
Reply-To: Ubuntu Security <security@ubuntu.com.>
To: [email protected]
Cc: [email protected], [email protected]
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-UlK7smO3lTZU9PG6FARf"
Date: Wed, 03 Jun 2009 10:20:54 -0400
Message-Id: <1244038854.12402.2.camel@mdlinux.technorage.com.>
Mime-Version: 1.0
X-Mailer: Evolution 2.26.1 
X-Virus-Scanned: antivirus-gw at tyumen.ru


--=-UlK7smO3lTZU9PG6FARf
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-781-2              June 03, 2009
gaim vulnerabilities
CVE-2009-1373, CVE-2009-1376
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  gaim                            1:1.5.0+1.5.1cvs20051015-1ubuntu10.2

After a standard system upgrade you need to restart Gaim to effect
the necessary changes.

Details follow:

It was discovered that Gaim did not properly handle certain malformed
messages when sending a file using the XMPP protocol handler. If a user
were tricked into sending a file, a remote attacker could send a specially
crafted response and cause Gaim to crash, or possibly execute arbitrary
code with user privileges. (CVE-2009-1373)

It was discovered that Gaim did not properly handle certain malformed
messages in the MSN protocol handler. A remote attacker could send a
specially crafted message and possibly execute arbitrary code with user
privileges. (CVE-2009-1376)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs2=
0051015-1ubuntu10.2.diff.gz
      Size/MD5:    35032 018074e6f3fe79b0334b616c41db8f16
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs2=
0051015-1ubuntu10.2.dsc
      Size/MD5:     1061 fedec169b55ed59a1d258f4261d3342e
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs2=
0051015.orig.tar.gz
      Size/MD5:  4299145 949ae755e9be1af68eef6c09c36a7530

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.5.0+1.5.=
1cvs20051015-1ubuntu10.2_all.deb
      Size/MD5:   613400 851c17117f60a8bdd7a1a7945295bb95

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5.1=
cvs20051015-1ubuntu10.2_amd64.deb
      Size/MD5:   103268 3e801c048c16f37927274e223006cf12
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs2=
0051015-1ubuntu10.2_amd64.deb
      Size/MD5:   954312 b221c7923480c8f561b19f25602fb42d

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5.1=
cvs20051015-1ubuntu10.2_i386.deb
      Size/MD5:   103268 7c5d619c893be0613fc3e9e520180ac3
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs2=
0051015-1ubuntu10.2_i386.deb
      Size/MD5:   836516 36ab380abace72300ba4aa0da8af0423

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5.1=
cvs20051015-1ubuntu10.2_powerpc.deb
      Size/MD5:   103266 f8d87f5da7ae492b3e5564c132afb4de
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs2=
0051015-1ubuntu10.2_powerpc.deb
      Size/MD5:   924684 227c223828b0edcc564397b37281636a

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5.1=
cvs20051015-1ubuntu10.2_sparc.deb
      Size/MD5:   103252 4e6a313eced48612d2f35ab69ebd85b1
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs2=
0051015-1ubuntu10.2_sparc.deb
      Size/MD5:   856864 9b00254efd713d0001bb7e11817e6bc3



--=-UlK7smO3lTZU9PG6FARf
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkomhsMACgkQLMAs/0C4zNpflgCgk04uAcWxmkxGVcAlq0a1MyMk
ccwAn0klU8ZC218rAPdKxgA9R/uZyHxi
=Bc8j
-----END PGP SIGNATURE-----

--=-UlK7smO3lTZU9PG6FARf--



<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру