Explore top 10 tips to secure your open-source projects now. Read More
×It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2008-2927) . ==========================================================Ubuntu Security Notice USN-675-2 November 24, 2008 gaim vulnerability CVE-2008-2927 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: gaim 1:1.5.0+1.5.1cvs20051015-1ubuntu10.1 After a standard system upgrade you need to restart Gaim to effect the necessary changes. Details follow: It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2008-2927) Updated packages for Ubuntu 6.06 LTS: Source archives: Size/MD5: 34051 dde2b4483bc14d671228c8a512c9fd0c Size/MD5: 1061 0293c5a43587d3db41a2437da5254206 Size/MD5: 4299145 949ae755e9be1af68eef6c09c36a7530 Architecture independent packages: Size/MD5: 613282 4b5fd4fd6053473bf10db0634e993af0 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 103266 05b0562cf37fb5c72063566134aa7369 Size/MD5: 954258 7da66022c5ea3372d097f3f7404610f2 i386 architecture (x86 compatible Intel/AMD): Size/MD5: 103248 81eebc45938e22bae57d3278682eee4b Size/MD5: 836378 82ecc0d267bb90f7669786ea2092cb93 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 103256 0fba1bcef36f3b6369effaf634c1a1df Size/MD5: 924628 5f2721e0fcbaf536e4bcbd7a74a6b06e sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 103250 e43bfb56d37e3617b7bee0644c3948a8 Size/MD5: 856760 66a004eff69e42183c6c58d732761b86 . Uncover the severe flaw in Ubuntu 6.06 that facilitates remote assailants to run unintended commands. Take action and upgrade today!. gaim Vulnerability, Remote Code Execution, Ubuntu Security. . Severity: Critical. LinuxSecurity.com Team
This update fixes Bug #185222 where gaim would crash when you use the buddy blocking feature with the MSN protocol.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2006-335 2006-04-11 ---------------------------------------------------------------------Product : Fedora Core 5 Name : gaim Version : 1.5.0 Release : 16.fc5 Summary : A Gtk+ based multiprotocol instant messaging client Description : Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers. ---------------------------------------------------------------------Update Information: This update fixes Bug #185222 where gaim would crash when you use the buddy blocking feature with the MSN protocol. ---------------------------------------------------------------------* Sat Apr 8 2006 Warren Togami - 1:1.5.0-16 - MSN block crash (#185222 Stu Tomlinson) ---------------------------------------------------------------------This update can be downloaded from: f921fb2192e643454e864095ba5867ca6435b27c SRPMS/gaim-1.5.0-16.fc5.src.rpm 7bbb885543e358f3ada6660e00f42ae41caad957 ppc/gaim-1.5.0-16.fc5.ppc.rpm 1ef8157ec37b0083dba563776b5b0219e971975d ppc/debug/gaim-debuginfo-1.5.0-16.fc5.ppc.rpm 5055036b2462a5780786e35a4d344303366aa87d x86_64/gaim-1.5.0-16.fc5.x86_64.rpm fd5f5809a05da2ff3c0317b525f4c33ce34b6895 x86_64/debug/gaim-debuginfo-1.5.0-16.fc5.x86_64.rpm c880af71a29cdef6c9055d2309e39daf8fdd2249 i386/gaim-1.5.0-16.fc5.i386.rpm 579f98e4733f4b270c59a224f6e3ecb792cc3579 i386/debug/gaim-debuginfo-1.5.0-16.fc5.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . ----------------------------------------------------------------------- fedora-announce-list mailing list
Critical: gaim security update. Date: Thu, 11 Aug 2005 18:09:51 -0500 Reply-To: Connie Sieh Sender: Security Errata for Scientific Linux From: Connie Sieh Subject: ERRATA for SL 302,305 ia64 now available Comments: To:
Moderate: gpdf security update. Date: Thu, 11 Aug 2005 17:55:16 -0500 Reply-To: Connie Sieh Sender: Security Errata for Scientific Linux From: Connie Sieh Subject: ERRATA for SL 40 x86_64 now available Comments: To:
Moderate: gpdf security update. Date: Thu, 11 Aug 2005 17:53:59 -0500 Reply-To: Connie Sieh Sender: Security Errata for Scientific Linux From: Connie Sieh Subject: ERRATA for SL 40,41 i386 now available Comments: To:
Critical: gaim security update. Date: Thu, 11 Aug 2005 17:36:40 -0500 Reply-To: Connie Sieh Sender: Security Errata for Scientific Linux From: Connie Sieh Subject: ERRATA for SL 301,302,303,304,305 i386 now available Comments: To:
An updated gaim package that fixes a buffer overflow security issue is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Critical: gaim security update Advisory ID: RHSA-2005:589-01 Advisory URL: https://access.redhat.com/errata/RHSA-2005:589.html Issue date: 2005-08-09 Updated on: 2005-08-09 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-2103 - ---------------------------------------------------------------------1. Summary: An updated gaim package that fixes a buffer overflow security issue is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 3. Problem description: Gaim is an Internet Instant Messaging client. A heap based buffer overflow issue was discovered in the way Gaim processes away messages. A remote attacker could send a specially crafted away message to a Gaim user logged into AIM or ICQ which could result in arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2103 to this issue. Users of gaim are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process thatwill result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 165444 - CAN-2005-2103 Gaim malformed away message remote code execution 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: c959811c5c3f72070e4cdd6a89f145d5 gaim-0.59.9-5.el2.src.rpm i386: a2f73e3b6da0814f7f3841ae4601621c gaim-0.59.9-5.el2.i386.rpm ia64: 8e9964a5627d7543a696de91faaadb1e gaim-0.59.9-5.el2.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: c959811c5c3f72070e4cdd6a89f145d5 gaim-0.59.9-5.el2.src.rpm ia64: 8e9964a5627d7543a696de91faaadb1e gaim-0.59.9-5.el2.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: c959811c5c3f72070e4cdd6a89f145d5 gaim-0.59.9-5.el2.src.rpm i386: a2f73e3b6da0814f7f3841ae4601621c gaim-0.59.9-5.el2.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: c959811c5c3f72070e4cdd6a89f145d5 gaim-0.59.9-5.el2.src.rpm i386: a2f73e3b6da0814f7f3841ae4601621c gaim-0.59.9-5.el2.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CAN-2005-2103 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2005 Red Hat, Inc. . Urgent security patch released for Gaim software resolves buffer overflow vulnerability. Promptly update your systems to stay secure.. Gaim Security Update, Buffer Overflow Fix, Red Hat Advisory. . Severity: Critical. LinuxSecurity.com Team
An updated gaim package that fixes multiple security issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Critical: gaim security update Advisory ID: RHSA-2005:627-01 Advisory URL: https://access.redhat.com/errata/RHSA-2005:627.html Issue date: 2005-08-09 Updated on: 2005-08-09 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-2102 CAN-2005-2103 CAN-2005-2370 - ---------------------------------------------------------------------1. Summary: An updated gaim package that fixes multiple security issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Gaim is an Internet Messaging client. A heap based buffer overflow issue was discovered in the way Gaim processes away messages. A remote attacker could send a specially crafted away message to a Gaim user logged into AIM or ICQ that could result in arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2103 to this issue. Daniel Atallah discovered a denial of service issue in Gaim. A remote attacker could attempt to upload a file with a specially crafted name to a user logged into AIM or ICQ,causing Gaim to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2102 to this issue. A denial of service bug was found in Gaim's Gadu Gadu protocol handler. A remote attacker could send a specially crafted message to a Gaim user logged into Gadu Gadu, causing Gaim to crash. Please note that this issue only affects PPC and IBM S/390 systems running Gaim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2370 to this issue. Users of gaim are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 165392 - CAN-2005-2370 gadu gadu memory alignment issue 165400 - CAN-2005-2102 gaim AIM invalid filename DoS 165402 - CAN-2005-2103 Gaim malformed away message remote code execution 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: dc0bc2cebe945bd90e85ad349909a1b6 gaim-1.3.1-0.el3.3.src.rpm i386: 33c487f6fe88c3573f63bc4044997cad gaim-1.3.1-0.el3.3.i386.rpm ia64: ab1a9e0a24a296ced5779462f46c26a5 gaim-1.3.1-0.el3.3.ia64.rpm ppc: 2d58f880338491f34713a51db6aba3ec gaim-1.3.1-0.el3.3.ppc.rpm s390: a0e34b7891936843e174ed7a50634536 gaim-1.3.1-0.el3.3.s390.rpm s390x: c3e794cd5b905baf5b29848e47a7b8b2 gaim-1.3.1-0.el3.3.s390x.rpm x86_64: 5e8c3bf3eb8679f85774713462db8242 gaim-1.3.1-0.el3.3.x86_64.rpm Red Hat Desktop version 3: SRPMS: dc0bc2cebe945bd90e85ad349909a1b6 gaim-1.3.1-0.el3.3.src.rpm i386: 33c487f6fe88c3573f63bc4044997cad gaim-1.3.1-0.el3.3.i386.rpm x86_64: 5e8c3bf3eb8679f85774713462db8242 gaim-1.3.1-0.el3.3.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: dc0bc2cebe945bd90e85ad349909a1b6 gaim-1.3.1-0.el3.3.src.rpm i386: 33c487f6fe88c3573f63bc4044997cad gaim-1.3.1-0.el3.3.i386.rpm ia64: ab1a9e0a24a296ced5779462f46c26a5 gaim-1.3.1-0.el3.3.ia64.rpm x86_64: 5e8c3bf3eb8679f85774713462db8242 gaim-1.3.1-0.el3.3.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: dc0bc2cebe945bd90e85ad349909a1b6 gaim-1.3.1-0.el3.3.src.rpm i386: 33c487f6fe88c3573f63bc4044997cad gaim-1.3.1-0.el3.3.i386.rpm ia64: ab1a9e0a24a296ced5779462f46c26a5 gaim-1.3.1-0.el3.3.ia64.rpm x86_64: 5e8c3bf3eb8679f85774713462db8242 gaim-1.3.1-0.el3.3.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: 0dad5d23bfa33dde0464cbe7cbe05e53 gaim-1.3.1-0.el4.3.src.rpm i386: c7343c6cc89f9e6e3dd30a9b918a9c8e gaim-1.3.1-0.el4.3.i386.rpm ia64: 717a21a30f477f71d6aac3052a6f2fcb gaim-1.3.1-0.el4.3.ia64.rpm ppc: c8609fd4b5cc9801ea6cd131833da6c7 gaim-1.3.1-0.el4.3.ppc.rpm s390: 5a2aa34b2844b9916e2f2cd2c39f6bb3 gaim-1.3.1-0.el4.3.s390.rpm s390x: 40f2ac0065deb7cfda303d2efabbf9ac gaim-1.3.1-0.el4.3.s390x.rpm x86_64: 7611deb734363f6dceef660f19c3f4b9 gaim-1.3.1-0.el4.3.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: 0dad5d23bfa33dde0464cbe7cbe05e53 gaim-1.3.1-0.el4.3.src.rpm i386: c7343c6cc89f9e6e3dd30a9b918a9c8e gaim-1.3.1-0.el4.3.i386.rpm x86_64: 7611deb734363f6dceef660f19c3f4b9 gaim-1.3.1-0.el4.3.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: 0dad5d23bfa33dde0464cbe7cbe05e53 gaim-1.3.1-0.el4.3.src.rpm i386: c7343c6cc89f9e6e3dd30a9b918a9c8e gaim-1.3.1-0.el4.3.i386.rpm ia64: 717a21a30f477f71d6aac3052a6f2fcb gaim-1.3.1-0.el4.3.ia64.rpm x86_64: 7611deb734363f6dceef660f19c3f4b9 gaim-1.3.1-0.el4.3.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: 0dad5d23bfa33dde0464cbe7cbe05e53 gaim-1.3.1-0.el4.3.src.rpm i386: c7343c6cc89f9e6e3dd30a9b918a9c8e gaim-1.3.1-0.el4.3.i386.rpm ia64: 717a21a30f477f71d6aac3052a6f2fcb gaim-1.3.1-0.el4.3.ia64.rpm x86_64: 7611deb734363f6dceef660f19c3f4b9 gaim-1.3.1-0.el4.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CAN-2005-2102 https://www.cve.org/CVERecord?id=CAN-2005-2103 https://www.cve.org/CVERecord?id=CAN-2005-2370 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2005 Red Hat, Inc. . The Red Hat gaim advisory reveals serious security vulnerabilities affecting system integrity and user privacy, urging immediate patch application for protection. Gaim Security Update, Remote Code Execution Fix, Buffer Overflow Protection, Red Hat Enterprise Linux. . Severity: Critical. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.