Advisories

Mandriva Advisories

Package name	gaim
Date	May 12th, 2005
Advisory ID	MDKSA-2005:086
Affected versions	10.1, CS3.0, 10.2
Synopsis	Updated gaim packages fix multiple vulnerabilities

Problem Description

More vulnerabilities have been found in the gaim instant messaging
client. A stack-based buffer overflow bug was found in how gaim
processes a message containing a URL; a remote attacker could send a
carefully crafted message to cause the execution of arbitrary code on
the user's machine (CAN-2005-1261).

Another bug was found in how gaim handles malformed MSN messages; an
attacker could send a carefully crafted MSN message that would cause
gaim to crash (CAN-2005-1262).

Gaim version 1.3.0 fixes these issues and is provided with this
update.

Updated Packages

Mandrakelinux 10.1

 ed8172ba325d95f291a297903af41be0  10.1/RPMS/gaim-1.3.0-0.1.101mdk.i586.rpm
ad2fcbcb8f0c1034c4d4ec1c9544b4c0  10.1/RPMS/gaim-devel-1.3.0-0.1.101mdk.i586.rpm
21102fd5e78228809becd7ddf24351ba  10.1/RPMS/gaim-gevolution-1.3.0-0.1.101mdk.i586.rpm
837a724dd6917f305beb0423713fd8ac  10.1/RPMS/gaim-perl-1.3.0-0.1.101mdk.i586.rpm
5b3ca4cd6306963fb3e1b14c63df2244  10.1/RPMS/gaim-tcl-1.3.0-0.1.101mdk.i586.rpm
199a0196f394b00efee48482f309936e  10.1/RPMS/libgaim-remote0-1.3.0-0.1.101mdk.i586.rpm
d5518ced2d7c76b4526fd68779693207  10.1/RPMS/libgaim-remote0-devel-1.3.0-0.1.101mdk.i586.rpm
44820576063dd74fb9c28b4a5699e36a  10.1/SRPMS/gaim-1.3.0-0.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 4e2c86767236f1b8eeb188551bb27314  x86_64/10.1/RPMS/gaim-1.3.0-0.1.101mdk.x86_64.rpm
db62d40135b2a9848d3699424b556654  x86_64/10.1/RPMS/gaim-devel-1.3.0-0.1.101mdk.x86_64.rpm
3a0f91257813a81a7ec0456a220357c1  x86_64/10.1/RPMS/gaim-gevolution-1.3.0-0.1.101mdk.x86_64.rpm
38dd8f72ca74d9080a8e289bb186c92a  x86_64/10.1/RPMS/gaim-perl-1.3.0-0.1.101mdk.x86_64.rpm
13359f709541ea9654312f75339c321b  x86_64/10.1/RPMS/gaim-tcl-1.3.0-0.1.101mdk.x86_64.rpm
8542aca1513904f4c0a87c3f0fe543c5  x86_64/10.1/RPMS/lib64gaim-remote0-1.3.0-0.1.101mdk.x86_64.rpm
171e1625bd227112e50659b0648d8173  x86_64/10.1/RPMS/lib64gaim-remote0-devel-1.3.0-0.1.101mdk.x86_64.rpm
44820576063dd74fb9c28b4a5699e36a  x86_64/10.1/SRPMS/gaim-1.3.0-0.1.101mdk.src.rpm

Corporate Server 3.0

 e149a73b4459e4910211c6164119d408  corporate/3.0/RPMS/gaim-1.3.0-0.1.C30mdk.i586.rpm
556d49ec86c6d89d50ed5ab6b7077618  corporate/3.0/RPMS/gaim-devel-1.3.0-0.1.C30mdk.i586.rpm
0c9b562338fd7d15057ce66af6c0e916  corporate/3.0/RPMS/gaim-perl-1.3.0-0.1.C30mdk.i586.rpm
893a7bc983c2502b089b0b28ebc68573  corporate/3.0/RPMS/gaim-tcl-1.3.0-0.1.C30mdk.i586.rpm
e0ca61a235d914865c52a01b24d53cc6  corporate/3.0/RPMS/libgaim-remote0-1.3.0-0.1.C30mdk.i586.rpm
643fc0e061166293c841faa09beb0dc6  corporate/3.0/RPMS/libgaim-remote0-devel-1.3.0-0.1.C30mdk.i586.rpm
050ba22fc5a9834d611cc671fd23e897  corporate/3.0/SRPMS/gaim-1.3.0-0.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 7fd8169fd5f4b6b0b2ed0609a820ae09  x86_64/corporate/3.0/RPMS/gaim-1.3.0-0.1.C30mdk.x86_64.rpm
f4a248008e042fe09d11853ef385cbbf  x86_64/corporate/3.0/RPMS/gaim-devel-1.3.0-0.1.C30mdk.x86_64.rpm
68d12ef13d3419cf0358ca51b15b48ff  x86_64/corporate/3.0/RPMS/gaim-perl-1.3.0-0.1.C30mdk.x86_64.rpm
75207cb70b1388e1ef6d5aa5c8a47b33  x86_64/corporate/3.0/RPMS/gaim-tcl-1.3.0-0.1.C30mdk.x86_64.rpm
9b76928971f8f5adac79c2e68e1a0793  x86_64/corporate/3.0/RPMS/lib64gaim-remote0-1.3.0-0.1.C30mdk.x86_64.rpm
e7b767077d1ebba151fbd932c11746c7  x86_64/corporate/3.0/RPMS/lib64gaim-remote0-devel-1.3.0-0.1.C30mdk.x86_64.rpm
050ba22fc5a9834d611cc671fd23e897  x86_64/corporate/3.0/SRPMS/gaim-1.3.0-0.1.C30mdk.src.rpm

Mandriva Linux LE2005

 dae4fba008457633fe9f687285e43a34  10.2/RPMS/gaim-1.3.0-0.1.102mdk.i586.rpm
e79df04c807ee82e92ae8b1bd1c19f17  10.2/RPMS/gaim-devel-1.3.0-0.1.102mdk.i586.rpm
25bd9d7af41c8bbf6761b58465d89ee4  10.2/RPMS/gaim-gevolution-1.3.0-0.1.102mdk.i586.rpm
c8140054eb2228eb8a8aeade572ceae9  10.2/RPMS/gaim-perl-1.3.0-0.1.102mdk.i586.rpm
071ec72d9640dab11e58b9fd5eb196b2  10.2/RPMS/gaim-silc-1.3.0-0.1.102mdk.i586.rpm
f89cb44704cc525ab5f483737ea3ca45  10.2/RPMS/gaim-tcl-1.3.0-0.1.102mdk.i586.rpm
8b93abaa4953aeba755d2498c91bfdb4  10.2/RPMS/libgaim-remote0-1.3.0-0.1.102mdk.i586.rpm
a44d9d2bd48fc0886938db762b111b9d  10.2/RPMS/libgaim-remote0-devel-1.3.0-0.1.102mdk.i586.rpm
199e401eab3fd4bc5a9c19eb9b42c84e  10.2/SRPMS/gaim-1.3.0-0.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 e540621ec7ed8160e8a69f4c8e751c60  x86_64/10.2/RPMS/gaim-1.3.0-0.1.102mdk.x86_64.rpm
2a1491f4d49e424a389232f527567504  x86_64/10.2/RPMS/gaim-devel-1.3.0-0.1.102mdk.x86_64.rpm
d77f3c6453a0648c8561017b8eadf259  x86_64/10.2/RPMS/gaim-gevolution-1.3.0-0.1.102mdk.x86_64.rpm
53bb111a57f40c1b883978453c7e2301  x86_64/10.2/RPMS/gaim-perl-1.3.0-0.1.102mdk.x86_64.rpm
d69ede9ff9e8f64e34bd6a408e062e96  x86_64/10.2/RPMS/gaim-silc-1.3.0-0.1.102mdk.x86_64.rpm
4bc25f5496bac981116ede53777690fe  x86_64/10.2/RPMS/gaim-tcl-1.3.0-0.1.102mdk.x86_64.rpm
1df0f36a11d9e0ae880e2e2a9196291b  x86_64/10.2/RPMS/lib64gaim-remote0-1.3.0-0.1.102mdk.x86_64.rpm
3232b0c2b7becfc489da906c619fef5a  x86_64/10.2/RPMS/lib64gaim-remote0-devel-1.3.0-0.1.102mdk.x86_64.rpm
199e401eab3fd4bc5a9c19eb9b42c84e  x86_64/10.2/SRPMS/gaim-1.3.0-0.1.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1262

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer