MDKSA-2004:117 - Updated gaim packages fix vulnerability
Posted on: 11/02/2004 05:35 AM

Updated gaim packages are available for Mandrakelinux 10.1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: gaim
Advisory ID: MDKSA-2004:117
Date: November 1st, 2004

Affected versions: 10.1
______________________________________________________________________

Problem Description:

A vulnerability in the MSN protocol handler in the gaim instant messenger application was discovered. When receiving unexpected sequences of MSNSLP messages, it is possible that an attacker could trigger an internal buffer overflow which could lead to a crash or even code execution as the user running gaim.

The updated packages are patched to fix this problem. This problem does not affect Mandrakelinux 10.0 installations.

_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0891
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
6b2e6e52fc0e1da0bb75b7301850387e 10.1/RPMS/gaim-0.82.1-2.1.101mdk.i586.rpm
6846eac8a14b5ff6a0a88aa5aad13edf 10.1/RPMS/gaim-devel-0.82.1-2.1.101mdk.i586.rpm
00936e0fc7426aa731249074d09157d9 10.1/RPMS/gaim-festival-0.82.1-2.1.101mdk.i586.rpm
9da5d5523a8b36fc269302f846c90326 10.1/RPMS/gaim-gevolution-0.82.1-2.1.101mdk.i586.rpm
66486b28ed9c1ae2a3c51d83098211e6 10.1/RPMS/gaim-perl-0.82.1-2.1.101mdk.i586.rpm
5fbd3315fa9d0b044f46c3293506d7ef 10.1/RPMS/gaim-tcl-0.82.1-2.1.101mdk.i586.rpm
9234881322236a36a3b150ecaa161fbf 10.1/RPMS/libgaim-remote0-0.82.1-2.1.101mdk.i586.rpm
ff323c8ca35ac7f7d06bf1dc559b0971 10.1/RPMS/libgaim-remote0-devel-0.82.1-2.1.101mdk.i586.rpm
f397ccb1e39cf3db656e5375d1d238b5 10.1/SRPMS/gaim-0.82.1-2.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
0df2813a1751c7a768c4fdff3a191443 x86_64/10.1/RPMS/gaim-0.82.1-2.1.101mdk.x86_64.rpm
39e701d2adf67e1c74bd8b131ede3d5e x86_64/10.1/RPMS/gaim-devel-0.82.1-2.1.101mdk.x86_64.rpm
22216a8ac0776d8de42d6f5a7de3b427 x86_64/10.1/RPMS/gaim-festival-0.82.1-2.1.101mdk.x86_64.rpm
020f9285bcca532427cfcfd052d96235 x86_64/10.1/RPMS/gaim-gevolution-0.82.1-2.1.101mdk.x86_64.rpm
4de10661d941c2a9dc7f1a64071f868f x86_64/10.1/RPMS/gaim-perl-0.82.1-2.1.101mdk.x86_64.rpm
92e8ce4e22e77c1235915a0ee68df2ab x86_64/10.1/RPMS/gaim-tcl-0.82.1-2.1.101mdk.x86_64.rpm
5bf30cddc4f32809a346c2cadef3913a x86_64/10.1/RPMS/lib64gaim-remote0-0.82.1-2.1.101mdk.x86_64.rpm
38797f001f6811fca52e32319d14923c x86_64/10.1/RPMS/lib64gaim-remote0-devel-0.82.1-2.1.101mdk.x86_64.rpm
f397ccb1e39cf3db656e5375d1d238b5 x86_64/10.1/SRPMS/gaim-0.82.1-2.1.101mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/mdksa_2004117__updated_gaim_packages_fix_vulnerability.html)