drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in gaim
Name: |
Mehrere Probleme in gaim
|
|
ID: |
USN-168-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 4.10, Ubuntu 5.04 |
|
Datum: |
Sa, 13. August 2005, 13:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2370 |
|
Applikationen: |
Pidgin |
|
Originalnachricht |
--===============0254415795= protocol="application/pgp-signature"; boundary="W/nzBZO5zC0uMSeA" Content-Disposition: inline
--W/nzBZO5zC0uMSeA Content-Disposition: inline Content-Transfer-Encoding: quoted-printable
=========================================================== Ubuntu Security Notice USN-168-1 August 12, 2005 gaim vulnerabilities CAN-2005-2102, CAN-2005-2103, CAN-2005-2370 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
gaim
The problem can be corrected by upgrading the affected package to version 1:1.0.0-1ubuntu1.8 (for Ubuntu 4.10), or 1:1.1.4-1ubuntu4.4 (for Ubuntu 5.04). After performing a standard system upgrade you need to restart Gaim to effect the necessary changes.
Details follow:
Daniel Atallah discovered a Denial of Service vulnerability in the file transfer handler of OSCAR (the module that handles various instant messaging protocols like ICQ). A remote attacker could crash the Gaim client of an user by attempting to send him a file with a name that contains invalid UTF-8 characters. (CAN-2005-2102)
It was found that specially crafted "away" messages triggered a buffer overflow. A remote attacker could exploit this to crash the Gaim client or possibly even execute arbitrary code with the permissions of the Gaim user. (CAN-2005-2103)
Szymon Zygmunt and Micha=C5=82 Bartoszkiewicz discovered a memory alignment error in the Gadu library, which was fixed in USN-162-1. However, it was discovered that Gaim contains a copy of the vulnerable code. By sending specially crafted messages over the Gadu protocol, a remote attacker could crash Gaim. (CAN-2005-2370)
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
gaim_1.0.0-1ubuntu1.8.diff.gz Size/MD5: 49554 19d8f02e32c2bfbb781961bc4b29b6c6 gaim_1.0.0-1ubuntu1.8.dsc Size/MD5: 853 07f788c5d240af40778e4b84a280b7e8 http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz Size/MD5: 6985979 7dde686aace751a49dce734fd0cb7ace
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
gaim_1.0.0-1ubuntu1.8_amd64.deb Size/MD5: 3445098 39cc6718175688a9eb1c618552bd1144
i386 architecture (x86 compatible Intel/AMD)
gaim_1.0.0-1ubuntu1.8_i386.deb Size/MD5: 3355494 484ba99bfb13a57b46c2ac1bac02d4a7
powerpc architecture (Apple Macintosh G3/G4/G5)
gaim_1.0.0-1ubuntu1.8_powerpc.deb Size/MD5: 3418764 7e6a6f488a4c9ea5f7df9ead0e9374c5
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
gaim_1.1.4-1ubuntu4.4.diff.gz Size/MD5: 109435 fbb5c0bb0acf56ae1b30b883d434091a gaim_1.1.4-1ubuntu4.4.dsc Size/MD5: 991 231442b5411b0b85206a8c11072eb938 http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4.orig.tar.gz Size/MD5: 5188552 b55bf3217b271918384f3f015a6e5b62
Architecture independent packages:
gaim-data_1.1.4-1ubuntu4.4_all.deb Size/MD5: 603832 187b963e949e4f2d7f72562a6c1c9842
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
gaim-dev_1.1.4-1ubuntu4.4_amd64.deb Size/MD5: 101638 6e5f72417c9d69abf0fc2088d5daf583 gaim_1.1.4-1ubuntu4.4_amd64.deb Size/MD5: 934286 739c508464a48d5fdbd3135354f23832
i386 architecture (x86 compatible Intel/AMD)
gaim-dev_1.1.4-1ubuntu4.4_i386.deb Size/MD5: 101638 66c79b84fe8ba9e3157c135749244b1b gaim_1.1.4-1ubuntu4.4_i386.deb Size/MD5: 845702 66e2879305e03414e5e3f12ac4d6b863
powerpc architecture (Apple Macintosh G3/G4/G5)
gaim-dev_1.1.4-1ubuntu4.4_powerpc.deb Size/MD5: 101638 31ffb30d793c1d0913777c431f284441 gaim_1.1.4-1ubuntu4.4_powerpc.deb Size/MD5: 910546 29bdc18bf2b6e4d97e708802a39dde85
--W/nzBZO5zC0uMSeA Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC/K6BDecnbV4Fd/IRApSEAJ4jStAztQ9Nuu6jb/GaK0PRfD9/vACeK9Zw A7eEBiBc7e+/QuM56YSK7fc= =sp6s -----END PGP SIGNATURE-----
--W/nzBZO5zC0uMSeA--
--===============0254415795=MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0254415795==--
|
|
|
|