Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Ubuntu 6.06 LTS USN-781-2 Critical: Gaim Crash and Code Execution

Calendar Jun 03, 2009 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical Ubuntu remote execution Gaim file handling issue
It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373) [More...] 
==========================================================Ubuntu Security Notice USN-781-2              June 03, 2009
gaim vulnerabilities
CVE-2009-1373, CVE-2009-1376
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  gaim                            1:1.5.0+1.5.1cvs20051015-1ubuntu10.2

After a standard system upgrade you need to restart Gaim to effect
the necessary changes.

Details follow:

It was discovered that Gaim did not properly handle certain malformed
messages when sending a file using the XMPP protocol handler. If a user
were tricked into sending a file, a remote attacker could send a specially
crafted response and cause Gaim to crash, or possibly execute arbitrary
code with user privileges. (CVE-2009-1373)

It was discovered that Gaim did not properly handle certain malformed
messages in the MSN protocol handler. A remote attacker could send a
specially crafted message and possibly execute arbitrary code with user
privileges. (CVE-2009-1376)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:    35032 018074e6f3fe79b0334b616c41db8f16
          Size/MD5:     1061 fedec169b55ed59a1d258f4261d3342e
          Size/MD5:  4299145 949ae755e9be1af68eef6c09c36a7530

  Architecture independent packages:

          Size/MD5:   613400 851c17117f60a8bdd7a1a7945295bb95

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   103268 3e801c048c16f37927274e223006cf12
          Size/MD5:   954312 b221c7923480c8f561b19f25602fb42d

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   103268 7c5d619c893be0613fc3e9e520180ac3
          Size/MD5:   836516 36ab380abace72300ba4aa0da8af0423

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   103266 f8d87f5da7ae492b3e5564c132afb4de
          Size/MD5:   924684 227c223828b0edcc564397b37281636a

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   103252 4e6a313eced48612d2f35ab69ebd85b1
          Size/MD5:   856864 9b00254efd713d0001bb7e11817e6bc3

Ubuntu 6.06 LTS USN-781-2 Critical: Gaim Crash and Code Execution

ubuntu
Calendar Grey June 3, 2009
Dist Ubuntu Esm H88
Unearth Gaim security flaws impacting Ubuntu 6.06 LTS and explore strategies to minimize threats with the updates shared.
It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler

Summary

Topics%20covered

Topics Covered

security advisory critical Ubuntu remote execution Gaim file handling issue

Update Instructions

References

Severity
critical
Lowest
Low
Medium
High
Critical

gaim vulnerabilities

Topics%20covered

Topics Covered

security advisory critical Ubuntu remote execution Gaim file handling issue

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here