Conectiva alert: gaim

Posted by dave on Feb 10, 2004 12:09 PM EDT
Mailing list
Mail this story
Print this story

Stefan Esser found[1] several remote vulnerabilities in Gaim. A remote attacker can use specially crafted network packets to exploit at least one of these vulnerabilities and execute arbitrary code in the context of the user running the program or cause a denial of service condition.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - --------------------------------------------------------------------------

PACKAGE : gaim SUMMARY : Several remote vulnerabilities DATE : 2004-02-10 19:03:00 ID : CLA-2004:813 RELEVANT RELEASES : 8, 9

- -------------------------------------------------------------------------

DESCRIPTION Gaim is a multi-protocol, multi-platform instant messaging client. Stefan Esser found[1] several remote vulnerabilities in Gaim. A remote attacker can use specially crafted network packets to exploit at least one of these vulnerabilities and execute arbitrary code in the context of the user running the program or cause a denial of service condition. This update includes updated packages for Conectiva Linux 8 (Gaim 0.58.8) and Conectiva Linux 9 (Gaim 0.75). The vulnerabilities vary accordingly to the version used, but both are susceptible to remote attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0005, CAN-2004-0006, CAN-2004-0007 and CAN-2004-0008 to the issues discovered[2,3,4,5].

SOLUTION All gaim users should upgrade. REFERENCES 1.http://security.e-matters.de/advisories/012004.html 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0005 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0006 4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0007 5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0008

UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/8/RPMS/gaim-0.59.8-1U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/SRPMS/gaim-0.59.8-1U80_1cl.src.rpm ftp://atualizacoes.conectiva.com.br/9/RPMS/gaim-0.75-27683U90_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/SRPMS/gaim-0.75-27683U90_1cl.src.rpm

ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades:

- run: apt-get update - after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en

- ------------------------------------------------------------------------- Copyright (c) 2004 Conectiva Inc. http://www.conectiva.com

- ------------------------------------------------------------------------- subscribe: [E-mail:conectiva-updates-subscribe@papaleguas.conectiva.com.br] unsubscribe: [E-mail:conectiva-updates-unsubscribe@papaleguas.conectiva.com.br] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org

iD8DBQFAKUdY42jd0JmAcZARAnIEAJ9eg454Hgf7csNapnUh2w4SxBrRUwCgzeZO TR8BxUS2KYXfdgwffUc29dU= =I9Hh -----END PGP SIGNATURE-----



  Nav
» Read more about: Story Type: Security; Groups: Conectiva

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.