Mandriva Advisories

Package name: gaim
Date: August 29th, 2002
Advisory ID: MDKSA-2002:054
Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, CS1.0
Synopsis: Updated gaim packages fix URL-handling insecurities

Problem Description

Versions of Gaim (an AOL Instant Messenger client) prior to 0.58 contain a
buffer overflow in the Jabber plug-in module (CAN-2002-0384). In addition, a
vulnerability was discovered in the URL-handling code (CAN-2002-0989): the
user-configurable "manual" browser command is expanded with the clicked URL
and the resulting string is passed to the shell without reliable quoting or
escaping, so shell metacharacters in a URL received from a remote contact
become part of the command the shell runs. This allows an attacker to
execute arbitrary commands on the user's machine with the user's
permissions. Only the manual browser setting is affected by the
URL-handling issue; those using the built-in browser commands are not
vulnerable to it. The updated packages (gaim 0.59.1) address both problems.
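The two shapes of the URL-handling bug, as an added illustration that is not gaim's source and not the vendor fix: the vulnerable design expands the user's manual browser template into one string for the shell, while the hardened design tokenises the template and passes the URL as a single argv[] element to execvp(), so no shell ever sees it. The template strings, the scheme allow-list and the function names are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define MAX_ARGS 16
#define ARG_LEN  256

/* Replace the first "%s" in tmpl with url.  Returns 0, or -1 if tmpl has no
 * "%s" or out is too small.  Pure string substitution: whether the result is
 * safe depends entirely on what the caller does with it. */
static int substitute(const char *tmpl, const char *url, char *out, size_t outlen)
{
    const char *at = strstr(tmpl, "%s");
    size_t head, need;
    if (!at) return -1;
    head = (size_t)(at - tmpl);
    need = strlen(tmpl) - 2 + strlen(url) + 1;
    if (need > outlen) return -1;
    memcpy(out, tmpl, head);
    strcpy(out + head, url);
    strcat(out, at + 2);
    return 0;
}

/* Vulnerable shape: the whole expanded template becomes one command line.
 * The advisory's bug is the next step, system(cmd), which runs the string
 * through /bin/sh -c; it is deliberately omitted here, the returned string
 * shows what the shell would have been asked to run. */
int shell_command_for(const char *tmpl, const char *url, char *cmd, size_t cmdlen)
{
    return substitute(tmpl, url, cmd, cmdlen);   /* then: system(cmd); */
}

/* Hardened shape: split the template on whitespace BEFORE substituting, so
 * the URL lands inside exactly one argv[] element and metacharacters reach
 * the browser as literal bytes.  argv[] points into argbuf[].  Returns argc,
 * or -1 for a malformed template (too many/long tokens, or no "%s"). */
int build_argv(const char *tmpl, const char *url, char *argv[], int max_args,
               char argbuf[][ARG_LEN])
{
    int argc = 0, saw_url = 0;
    const char *p = tmpl;
    char tok[ARG_LEN];

    while (*p) {
        const char *start;
        size_t len;
        while (*p == ' ' || *p == '\t') p++;
        if (*p == '\0') break;
        start = p;
        while (*p && *p != ' ' && *p != '\t') p++;
        len = (size_t)(p - start);
        if (len >= sizeof tok || argc >= max_args - 1) return -1;
        memcpy(tok, start, len);
        tok[len] = '\0';
        if (strstr(tok, "%s")) {
            if (substitute(tok, url, argbuf[argc], ARG_LEN) < 0) return -1;
            saw_url = 1;
        } else {
            strcpy(argbuf[argc], tok);
        }
        argv[argc] = argbuf[argc];
        argc++;
    }
    if (argc == 0 || !saw_url) return -1;
    argv[argc] = NULL;
    return argc;
}

/* Defence in depth (an assumption of this example, not part of the advisory's
 * fix): only hand the browser URLs whose scheme we expect. */
int url_scheme_ok(const char *url)
{
    static const char *const allowed[] = { "http://", "https://", "ftp://" };
    size_t i;
    for (i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strncmp(url, allowed[i], strlen(allowed[i])) == 0)
            return 1;
    return 0;
}

/* Launch the browser with fork()+execvp(), never via sh.  Returns the child's
 * exit status, or -1 on a local failure. */
int open_url_no_shell(const char *tmpl, const char *url)
{
    char argbuf[MAX_ARGS][ARG_LEN];
    char *argv[MAX_ARGS];
    pid_t pid;
    int status;

    if (!url_scheme_ok(url) || build_argv(tmpl, url, argv, MAX_ARGS, argbuf) < 0)
        return -1;
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                      /* exec failed; do not fall back to sh */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample: a hostile URL as a remote contact might send it. */
    const char *url = "http://example.com/;touch /tmp/pwned";
    char cmd[512];

    shell_command_for("netscape %s", url, cmd, sizeof cmd);
    printf("shell would run: %s\n", cmd);
    /* Same URL, no shell: "echo" stands in for the browser and prints it literally. */
    return open_url_no_shell("echo %s", url) == 0 ? 0 : 1;
}
```

The point a reviewer should take from the second half is that escaping the URL for the shell is the wrong fix: there is no shell in the hardened path, so there is nothing to escape, and a template such as "netscape -remote openURL(%s)" still works because substitution happens per token.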

Updated Packages

Mandrakelinux 7.1

cc3f1b72c0b0a046c2d6e271ac4ef9a8  7.1/RPMS/gaim-0.59.1-1.1mdk.i586.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  7.1/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

Mandrakelinux 7.2

9fcfb20bdd27480122c97acd5b1db53a  7.2/RPMS/gaim-0.59.1-1.1mdk.i586.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  7.2/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

Mandrakelinux 8.0

095f6c8aadaf06732dc8398e8217fb3c  8.0/RPMS/gaim-0.59.1-1.1mdk.i586.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  8.0/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

Mandrakelinux 8.0/PPC

d078adbe132c822880c1e50043ba7edd  ppc/8.0/RPMS/gaim-0.59.1-1.1mdk.ppc.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  ppc/8.0/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

Mandrakelinux 8.1

095f6c8aadaf06732dc8398e8217fb3c  8.1/RPMS/gaim-0.59.1-1.1mdk.i586.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  8.1/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

Mandrakelinux 8.1/IA64

5c1d08e501dc2f889bf7ddcd27b551d2  ia64/8.1/RPMS/gaim-0.59.1-1.1mdk.ia64.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  ia64/8.1/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

Mandrakelinux 8.2

b18399b33a517de8af524c326e9b539b  8.2/RPMS/gaim-0.59.1-1.1mdk.i586.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  8.2/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

Mandrakelinux 8.2/PPC

0110ef0414286614261da0aa9749751f  ppc/8.2/RPMS/gaim-0.59.1-1.1mdk.ppc.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  ppc/8.2/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

Corporate Server 1.0.1

cc3f1b72c0b0a046c2d6e271ac4ef9a8  1.0.1/RPMS/gaim-0.59.1-1.1mdk.i586.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  1.0.1/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0989
http://online.securityfocus.com/bid/3357
http://gaim.sourceforge.net/ChangeLog

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM. The signature check is only meaningful once that key has been imported: without it, rpm can still confirm the package's MD5 digest but cannot vouch for who signed it, and a package whose signature does not verify should not be installed. The MD5 sums listed above let you confirm a download arrived intact; the GPG signature is what ties the package to the Mandriva Security Team.

If you use MandrivaUpdate, the verification of the MD5 checksum and GPG signature is performed automatically for you.