[USN-8-1] gaim vulnerabilities

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 10/27/04

Next message: 0-1-2-3_at_gmx.de: "New URL spoofing bug in Microsoft Internet Explorer"

Previous message: Martin Pitt: "[USN-7-1] imagemagick vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 27 Oct 2004 02:53:22 +0200
To: ubuntu-security-announce@lists.ubuntu.com

===========================================================
Ubuntu Security Notice USN-8-1 October 27, 2004
gaim vulnerabilities
CAN-2004-0891
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

gaim

The problem can be corrected by upgrading the affected package to
version 1:1.0.0-1ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A buffer overflow and two remote crashes were recently discovered in
gaim's MSN protocol handler. An attacker could potentially execute
arbitrary code with the user's privileges by crafting and sending a
particular MSN message.

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1.diff.gz
      Size/MD5: 40716 a1cd244a1d9197c9a4855706f857ede2
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1.dsc
      Size/MD5: 853 dbd5a82e0fa2c33df8fc26d636a2f9f1
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz
      Size/MD5: 6985979 7dde686aace751a49dce734fd0cb7ace

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1_amd64.deb
Size/MD5: 3443672 0a2a22b071c0256a2d68d20b474fdddc

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1_i386.deb
Size/MD5: 3353616 1b825ce8a2cbba5fa2171fa089f71112

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1_powerpc.deb
Size/MD5: 3417684 bae36e86bcf49722af6497d55a2de5fc

application/pgp-signature attachment: Digital signature

Next message: 0-1-2-3_at_gmx.de: "New URL spoofing bug in Microsoft Internet Explorer"

Previous message: Martin Pitt: "[USN-7-1] imagemagick vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[Full-Disclosure] [USN-8-1] gaim vulnerabilities
... Ubuntu 4.10 ... The following packages are affected: ... The problem can be corrected by upgrading the affected package to ...
(Full-Disclosure)
[USN-8-1] gaim vulnerabilities
... Ubuntu 4.10 ... The following packages are affected: ... The problem can be corrected by upgrading the affected package to ...
(Full-Disclosure)
[Full-Disclosure] [USN-8-1] gaim vulnerabilities
... Ubuntu 4.10 ... The following packages are affected: ... The problem can be corrected by upgrading the affected package to ...
(Full-Disclosure)
[USN-42-1] Xine library vulnerabilities
... Ubuntu 4.10 ... The following packages are affected: ... The problem can be corrected by upgrading the affected package to ...
(Bugtraq)
[Full-Disclosure] [USN-17-1] passwd vulnerability
... Ubuntu 4.10 ... The following packages are affected: ... The problem can be corrected by upgrading the affected package to ... their login shell without having to change their password. ...
(Full-Disclosure)