Mandriva Advisories

Package name: gaim
Date: August 15th, 2005
Advisory ID: MDKSA-2005:139
Affected versions: 10.1, CS3.0, 10.2
Synopsis: Updated gaim packages fix yet more vulnerabilities

Problem Description

Yet more vulnerabilities have been discovered in the gaim IM client.
Invalid characters in a sent file can cause Gaim to crash on some
systems (CAN-2005-2102); a remote AIM or ICQ user can cause a buffer
overflow in Gaim by setting an away message containing many AIM
substitution strings (CAN-2005-2103); a memory alignment bug in the
library used by Gaim to access the Gadu-Gadu network can result in
a buffer overflow on non-x86 architecture systems (CAN-2005-2370).

These problems have been corrected in gaim 1.5.0, which is provided with
this update.

Updated Packages

Mandrakelinux 10.1


Mandrakelinux 10.1/X86_64


Corporate Server 3.0


Corporate Server 3.0/X86_64


Mandriva Linux LE2005


Mandriva Linux LE2005/X86_64


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
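
Added example (not part of the original advisory or Mandriva's tooling): a shell script for the manual verification step that checks downloaded packages against an `md5  path` list in the format this advisory publishes, then runs `rpm --checksig` on each. The function names are hypothetical, and `md5sum`, `awk`, `rpm` and an imported vendor key are assumed; a matching MD5 sum only shows the download agrees with the list, while the signature check is what ties the package to the vendor's key.

```shell
#!/bin/sh
# Added example (not Mandriva's tooling). All function names are hypothetical.

# verify_md5_list LIST DIR
#   LIST: lines of "<32-hex md5>  <path>/<file>.rpm"; headings and blanks are skipped.
#   DIR:  directory holding the downloaded packages, looked up by basename.
# Returns 0 only if the list has entries and every one is present and matches.
verify_md5_list() {
    list=$1 dir=$2 rc=0 seen=0
    # "want=" is cleared before each read so a final line without a newline
    # is still processed and the loop always ends at end of file.
    while want=; read -r want path || [ -n "$want" ]; do
        case $want in
            ''|*[!0-9a-fA-F]*) continue ;;      # blank line or platform heading
        esac
        [ "${#want}" -eq 32 ] && [ -n "$path" ] || continue
        seen=$((seen + 1))
        name=${path##*/}
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; rc=1; continue
        fi
        got=$(md5sum < "$dir/$name" | awk '{print $1}')
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done < "$list"
    [ "$seen" -gt 0 ] || rc=1                   # an empty list proves nothing
    return "$rc"
}

# verify_update LIST DIR
#   Checksums first, then the signature check the advisory asks for.
#   Assumes rpm is installed and the vendor's GPG public key is already imported.
verify_update() {
    verify_md5_list "$1" "$2" || return 1
    for pkg in "$2"/*.rpm; do
        rpm --checksig "$pkg" || return 1
    done
}
```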