Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-125-1: Gaim vulnerabilities
Posted by Philipp Esselbach on: 05/13/2005 05:47 AM [ Print | 0 comment(s) ]
Gaim security updates are available for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-125-1 May 12, 2005
gaim vulnerabilities
CAN-2005-0967, CAN-2005-1261, CAN-2005-1261
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
gaim
gaim-data
The problem can be corrected by upgrading the affected package to version 1:1.0.0-1ubuntu1.4 (for Ubuntu 4.10), or 1:1.1.4-1ubuntu4.1 (for Ubuntu 5.04). After a standard system upgrade you have to restart Gaim to effect the necessary changes.
==========================================================
Ubuntu Security Notice USN-125-1 May 12, 2005
gaim vulnerabilities
CAN-2005-0967, CAN-2005-1261, CAN-2005-1261
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
gaim
gaim-data
The problem can be corrected by upgrading the affected package to version 1:1.0.0-1ubuntu1.4 (for Ubuntu 4.10), or 1:1.1.4-1ubuntu4.1 (for Ubuntu 5.04). After a standard system upgrade you have to restart Gaim to effect the necessary changes.
Details follow:
Marco Alvarez found a Denial of Service vulnerability in the Jabber protocol handler. A remote attacker could exploit this to crash Gaim by sending specially crafted file transfers to the user. (CAN-2005-0967)
Stu Tomlinson discovered an insufficient bounds checking flaw in the URL parser. By sending a message containing a very long URL, a remote attacker could crash Gaim or execute arbitrary code with the privileges of the user. This was not possible on all protocols, due to message length restrictions. Jabber are SILC were known to be vulnerable. (CAN-2005-1261)
Siebe Tolsma discovered a Denial of Service attack in the MSN handler. By sending a specially crafted SLP message with an empty body, a remote attacker could crash Gaim. (CAN-2005-1262)
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4.diff.gz
Size/MD5: 46992 d36bd86fc86d0e1ed7cff852f262b3bd
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4.dsc
Size/MD5: 853 6a263a078b6fbf53822e59f466a8aae2
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz
Size/MD5: 6985979 7dde686aace751a49dce734fd0cb7ace
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4_amd64.deb
Size/MD5: 3444626 df8476ccc632e61dc8b7adc8567d3d46
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4_i386.deb
Size/MD5: 3354914 5dbdc651c4ec1bea08e2bc5061c80522
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4_powerpc.deb
Size/MD5: 3418282 8f3a48a0148143b4bb3c0d700417422f
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1.diff.gz
Size/MD5: 106708 245a83a77b4ad58e3c9316f40b566cb2
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1.dsc
Size/MD5: 991 b125a9154cf19e7d7947acb8418be0b5
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4.orig.tar.gz
Size/MD5: 5188552 b55bf3217b271918384f3f015a6e5b62
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.1.4-1ubuntu4.1_all.deb
Size/MD5: 603526 7f96838ec2b78882660115c39823aebe
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.1_amd64.deb
Size/MD5: 101620 b2e42f7a640536c1165b43e7002f4fa6
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1_amd64.deb
Size/MD5: 934090 ce17f19071a91c6af0ef361dd90f4bc8
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.1_i386.deb
Size/MD5: 101620 616d89e2302ce0ee0f8d9493a24a1988
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1_i386.deb
Size/MD5: 845470 e28a7383e86bf572dad84928b0b25624
ia64 architecture (Intel Itanium)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.1_ia64.deb
Size/MD5: 101634 601109a3df9d10f1bf9e5bbef48c06ae
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1_ia64.deb
Size/MD5: 1258622 fa30fc5985afe77a04dbdcbc4d977202
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.1_powerpc.deb
Size/MD5: 101648 525baf5b4ab9ff70172864b3d5a48a05
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1_powerpc.deb
Size/MD5: 910280 a651ab439ffc1bcb15f42b7a4a804f07
Marco Alvarez found a Denial of Service vulnerability in the Jabber protocol handler. A remote attacker could exploit this to crash Gaim by sending specially crafted file transfers to the user. (CAN-2005-0967)
Stu Tomlinson discovered an insufficient bounds checking flaw in the URL parser. By sending a message containing a very long URL, a remote attacker could crash Gaim or execute arbitrary code with the privileges of the user. This was not possible on all protocols, due to message length restrictions. Jabber are SILC were known to be vulnerable. (CAN-2005-1261)
Siebe Tolsma discovered a Denial of Service attack in the MSN handler. By sending a specially crafted SLP message with an empty body, a remote attacker could crash Gaim. (CAN-2005-1262)
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4.diff.gz
Size/MD5: 46992 d36bd86fc86d0e1ed7cff852f262b3bd
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4.dsc
Size/MD5: 853 6a263a078b6fbf53822e59f466a8aae2
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz
Size/MD5: 6985979 7dde686aace751a49dce734fd0cb7ace
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4_amd64.deb
Size/MD5: 3444626 df8476ccc632e61dc8b7adc8567d3d46
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4_i386.deb
Size/MD5: 3354914 5dbdc651c4ec1bea08e2bc5061c80522
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4_powerpc.deb
Size/MD5: 3418282 8f3a48a0148143b4bb3c0d700417422f
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1.diff.gz
Size/MD5: 106708 245a83a77b4ad58e3c9316f40b566cb2
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1.dsc
Size/MD5: 991 b125a9154cf19e7d7947acb8418be0b5
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4.orig.tar.gz
Size/MD5: 5188552 b55bf3217b271918384f3f015a6e5b62
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.1.4-1ubuntu4.1_all.deb
Size/MD5: 603526 7f96838ec2b78882660115c39823aebe
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.1_amd64.deb
Size/MD5: 101620 b2e42f7a640536c1165b43e7002f4fa6
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1_amd64.deb
Size/MD5: 934090 ce17f19071a91c6af0ef361dd90f4bc8
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.1_i386.deb
Size/MD5: 101620 616d89e2302ce0ee0f8d9493a24a1988
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1_i386.deb
Size/MD5: 845470 e28a7383e86bf572dad84928b0b25624
ia64 architecture (Intel Itanium)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.1_ia64.deb
Size/MD5: 101634 601109a3df9d10f1bf9e5bbef48c06ae
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1_ia64.deb
Size/MD5: 1258622 fa30fc5985afe77a04dbdcbc4d977202
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.1_powerpc.deb
Size/MD5: 101648 525baf5b4ab9ff70172864b3d5a48a05
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1_powerpc.deb
Size/MD5: 910280 a651ab439ffc1bcb15f42b7a4a804f07
