[CLA-2005:949] Conectiva Security Announcement - gaim

• Previous message: Conectiva Updates: "[CLA-2005:950] Conectiva Security Announcement - evolution"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 27 Apr 2005 15:14:38 -0300
To: conectiva-updates@papaleguas.conectiva.com.br, lwn@lwn.net, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com, linsec@lists.seifried.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : gaim
SUMMARY : Fixes for gaim's vulnerabilities
DATE : 2005-04-27 15:11:00
ID : CLA-2005:949
RELEVANT
RELEASES : 9, 10

- -------------------------------------------------------------------------

DESCRIPTION
 Gaim[1] is a multi-protocol instant messaging (IM) client.
 
 This announcement fixes three denial of service vulnerabilities that
 were encountered in Gaim.
 
 The fixed vulnerabilities are:
 
 CAN-2005-0965[2]: The gaim_markup_strip_html function allows remote
 attackers to cause a denial of service (application crash) via a
 string that contains malformed HTML, which causes an out-of-bounds
 read.
 
 CAN-2005-0966[3]: The IRC protocol plugin allowed (1) remote
 attackers to inject arbitrary Gaim markup via irc_msg_kick,
 irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to
 inject arbitrary Pango markup and pop up empty dialog boxes via
 irc_msg_invite, or (3) malicious IRC servers to cause a denial of
 service (application crash) by injecting certain Pango markup into
 irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan
 functions.
 
 CAN-2005-0967[4]: Sending a Gaim Jabber user a certain invalid file
 transfer request triggered an out-of-bounds read which caused Gaim to
 crash.
 
 For further informations on Gaim's vulnerabilities, please refer to
 the project's security page[5].

SOLUTION
 It is recommended that all Gaim users upgrade their packages.
 
 IMPORTANT: Gaim must be restarted after the upgrade in order to close
 the vulnerabilities.
 
 
 REFERENCES
 1.http://gaim.sourceforge.net/
 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0965
 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0966
 4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0967
 5.http://gaim.sourceforge.net/security/

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS.gaim/gaim-1.2.1-69982U10_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-am-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-bg-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-ca-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-cs-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-da-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-de-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-en_AU-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-en_CA-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-en_GB-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-es-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-et-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-fi-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-fr-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-he-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-hi-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-hu-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-it-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-ja-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-ko-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-lt-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-mk-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-my_MM-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-nb-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-nl-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-pl-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-pt-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-pt_BR-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-ro-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-ru-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-sk-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-sl-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-sq-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-sr-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-sv-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-tr-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-uk-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-vi-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-zh_CN-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/gaim-i18n-zh_TW-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/libgaim-remote-devel-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.gaim/libgaim-remote0-1.2.1-69982U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS.gaim/gaim-1.2.1-27683U90_4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS.gaim/gaim-1.2.1-27683U90_4cl.i386.rpm

ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM packages upgrades:

 - run: apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFCb9aM42jd0JmAcZARAg6tAKDv1rox7u/RvAcbUcSMN4RYVx1LHQCggmFl
g5ryLeBaSwm5Ev99dTd+MoE=
=YlMb
-----END PGP SIGNATURE-----

• Previous message: Conectiva Updates: "[CLA-2005:950] Conectiva Security Announcement - evolution"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]