From security@mandriva.com Thu May 12 11:33:48 2005
From: Mandriva Security Team
To: full-disclosure@lists.grok.org.uk
Date: Thu, 12 May 2005 09:25:06 -0600
Subject: [Full-disclosure] MDKSA-2005:086 - Updated gaim packages fix multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           gaim
 Advisory ID:            MDKSA-2005:086
 Date:                   May 12th, 2005

 Affected versions:      10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 More vulnerabilities have been found in the gaim instant messaging
 client. A stack-based buffer overflow bug was found in how gaim
 processes a message containing a URL; a remote attacker could send a
 carefully crafted message to cause the execution of arbitrary code on
 the user's machine (CAN-2005-1261).

 Another bug was found in how gaim handles malformed MSN messages; an
 attacker could send a carefully crafted MSN message that would cause
 gaim to crash (CAN-2005-1262).

 Gaim version 1.3.0 fixes these issues and is provided with this update.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1262
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.1
 Mandrakelinux 10.1/X86_64
 Mandrakelinux 10.2
 Mandrakelinux 10.2/X86_64
 Corporate 3.0
 Corporate 3.0/X86_64
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCg3VSmqjQ0CJFipgRAkjPAKCWLOG4H9jcph6x39b8Xrh/IKxT0ACdG1AT
BIi6b69OC/MGJ3XVhQTDEmk=
=Mt9w
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/