Mandriva Advisories

Package name: gaim
Date: March 4th, 2005
Advisory ID: MDKSA-2005:049
Affected versions: 10.0, 10.1, CS3.0
Synopsis: Updated gaim packages fix multiple vulnerabilities

Problem Description

Gaim versions prior to 1.1.4 suffer from a few security issues, such as
the HTML parser not sufficiently validating its input. This allowed a
remote attacker to crash the Gaim client by sending certain malformed
HTML messages (CAN-2005-0208 and CAN-2005-0473).

Insufficient input validation was also discovered in the "Oscar"
protocol handler, used for ICQ and AIM. By sending specially crafted
packets, remote users could trigger an infinite loop in Gaim, causing
it to become unresponsive and hang (CAN-2005-0472).

Gaim 1.1.4 is provided and fixes these issues.

Updated Packages

Mandrakelinux 10.0


Mandrakelinux 10.0/AMD64


Mandrakelinux 10.1


Mandrakelinux 10.1/X86_64


Corporate Server 3.0


Corporate Server 3.0/X86_64


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0473
http://gaim.sourceforge.net/security/index.php?id=10
http://gaim.sourceforge.net/security/index.php?id=11
http://gaim.sourceforge.net/security/index.php?id=12

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.
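
For a manual download, the two checks can be scripted. The following is an added example, not part of the original advisory: it compares each RPM against a checksum list of "<md5>  <path>" lines and then runs rpm --checksig. The function names and the manifest file are assumptions of this example, and the vendor key is assumed to be already imported with rpm --import.

```shell
#!/bin/sh
# Added example (not from the advisory). Assumes a manifest file with one
# "<md5>  <path>" line per package and a vendor key already imported via
# "rpm --import <keyfile>" (key file name is a placeholder).
# The checksum catches a corrupted or swapped download; the GPG signature
# is what ties the package to the vendor key, so both checks must pass.

# expected_md5 MANIFEST RPMFILE -> prints the md5 listed for RPMFILE's basename
expected_md5() {
    base=$(basename "$2")
    awk -v want="$base" '
        NF == 2 {
            n = split($2, p, "/")          # match on file name, ignore directory
            if (p[n] == want) { print tolower($1); found = 1; exit }
        }
        END { exit !found }' "$1"
}

# check_md5 MANIFEST RPMFILE -> 0 match, 1 mismatch, 2 not listed
check_md5() {
    want=$(expected_md5 "$1" "$2") || { echo "not listed: $2" >&2; return 2; }
    have=$(md5sum "$2" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "MD5 mismatch: $2" >&2; return 1; }
}

# verify_update MANIFEST RPM... -> stops at the first package that fails
verify_update() {
    manifest=$1; shift
    for f in "$@"; do
        check_md5 "$manifest" "$f" || return 1
        rpm --checksig "$f" || return 1
        echo "verified: $f"
    done
}

# Usage: sh verify.sh manifest.txt package1.rpm package2.rpm ...
if [ "$#" -ge 2 ]; then verify_update "$@"; fi
```

Install only packages for which both checks succeed; a package missing from the manifest is treated as a failure rather than skipped.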