From martin.pitt@canonical.com Wed Jun 15 09:35:28 2005 From: Martin Pitt To: ubuntu-security-announce@lists.ubuntu.com Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com Date: Wed, 15 Jun 2005 15:34:07 +0200 Subject: [Full-disclosure] [USN-140-1] Gaim vulnerability =========================================================== Ubuntu Security Notice USN-140-1 June 15, 2005 gaim vulnerability CAN-2005-1934 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: gaim The problem can be corrected by upgrading the affected package to version 1:1.0.0-1ubuntu1.6 (for Ubuntu 4.10), or 1:1.1.4-1ubuntu4.3 (for Ubuntu 5.04). After doing a standard system upgrade you need to restart Gaim to effect the necessary changes. Details follow: A remote Denial of Service vulnerability was discovered in Gaim. A remote attacker could crash the Gaim client of an MSN user by sending a specially crafted MSN package which states an invalid body length in the header. Updated packages for Ubuntu 4.10 (Warty Warthog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6.diff.gz Size/MD5: 48444 468f68e015435db9a0f7113808c57e58 http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6.dsc Size/MD5: 853 622bcdbdc5066a6596a42ea4ab8f7e22 http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz Size/MD5: 6985979 7dde686aace751a49dce734fd0cb7ace amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6_amd64.deb Size/MD5: 3444948 cae0518c1f2fa14f4e838dd46376fde4 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6_i386.deb Size/MD5: 3355296 bf14bf90ac7a3bebae7891d8142c3a0e powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.6_powerpc.deb Size/MD5: 3418564 5becbf0f173331db116136a19522698f Updated packages for Ubuntu 5.04 (Hoary Hedgehog): Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3.diff.gz Size/MD5: 108334 e8ae93ed55c364fdef75d6afa2888bf1 http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3.dsc Size/MD5: 991 4ca52b48cfccb93b4a8c3f3e712a5859 http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4.orig.tar.gz Size/MD5: 5188552 b55bf3217b271918384f3f015a6e5b62 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.1.4-1ubuntu4.3_all.deb Size/MD5: 603678 37e36ea56bfd32754f540ae04a929903 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.3_amd64.deb Size/MD5: 101624 dd693d77a9fb58eed430e18d38bdb5e7 http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3_amd64.deb Size/MD5: 934222 c3a8d7c1fcb1789363ad277acf0cb4c2 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.3_i386.deb Size/MD5: 101612 22e78fb3580dc128eeb6e3d2b7491436 http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3_i386.deb Size/MD5: 845570 2baab76439b0274b26416cfa3eba3cac powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.3_powerpc.deb Size/MD5: 101642 722cbc574f4d128f9806430957828695 http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.3_powerpc.deb Size/MD5: 910476 ef04e16bf2d2dd7aac67bb58173199e0 [ Part 1.2, "Digital signature" Application/PGP-SIGNATURE ] [ 196bytes. ] [ Unable to print this part. ] [ Part 2: "Attached Text" ] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/