Ubuntu 781-2: Gaim vulnerabilities

    Date03 Jun 2009
    CategoryUbuntu
    49
    Posted ByLinuxSecurity Advisories
    It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373) [More...]
    ===========================================================
    Ubuntu Security Notice USN-781-2              June 03, 2009
    gaim vulnerabilities
    CVE-2009-1373, CVE-2009-1376
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      gaim                            1:1.5.0+1.5.1cvs20051015-1ubuntu10.2
    
    After a standard system upgrade you need to restart Gaim to effect
    the necessary changes.
    
    Details follow:
    
    It was discovered that Gaim did not properly handle certain malformed
    messages when sending a file using the XMPP protocol handler. If a user
    were tricked into sending a file, a remote attacker could send a specially
    crafted response and cause Gaim to crash, or possibly execute arbitrary
    code with user privileges. (CVE-2009-1373)
    
    It was discovered that Gaim did not properly handle certain malformed
    messages in the MSN protocol handler. A remote attacker could send a
    specially crafted message and possibly execute arbitrary code with user
    privileges. (CVE-2009-1376)
    
    
    Updated packages for Ubuntu 6.06 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.2.diff.gz
          Size/MD5:    35032 018074e6f3fe79b0334b616c41db8f16
        http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.2.dsc
          Size/MD5:     1061 fedec169b55ed59a1d258f4261d3342e
        http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs20051015.orig.tar.gz
          Size/MD5:  4299145 949ae755e9be1af68eef6c09c36a7530
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.5.0+1.5.1cvs20051015-1ubuntu10.2_all.deb
          Size/MD5:   613400 851c17117f60a8bdd7a1a7945295bb95
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5.1cvs20051015-1ubuntu10.2_amd64.deb
          Size/MD5:   103268 3e801c048c16f37927274e223006cf12
        http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.2_amd64.deb
          Size/MD5:   954312 b221c7923480c8f561b19f25602fb42d
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5.1cvs20051015-1ubuntu10.2_i386.deb
          Size/MD5:   103268 7c5d619c893be0613fc3e9e520180ac3
        http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.2_i386.deb
          Size/MD5:   836516 36ab380abace72300ba4aa0da8af0423
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5.1cvs20051015-1ubuntu10.2_powerpc.deb
          Size/MD5:   103266 f8d87f5da7ae492b3e5564c132afb4de
        http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.2_powerpc.deb
          Size/MD5:   924684 227c223828b0edcc564397b37281636a
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5.1cvs20051015-1ubuntu10.2_sparc.deb
          Size/MD5:   103252 4e6a313eced48612d2f35ab69ebd85b1
        http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.2_sparc.deb
          Size/MD5:   856864 9b00254efd713d0001bb7e11817e6bc3
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":53.49,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.63,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":34.88,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.