Sicherheit: Ausführen beliebiger Kommandos in gaim

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1244046269-27111-5016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:127
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gaim
Date : June 3, 2009
Affected: Corporate 3.0
_______________________________________________________________________

Problem Description:

It was discovered that Gaim did not properly handle certain malformed
messages in the MSN protocol handler. A remote attacker could send
a specially crafted message and possibly execute arbitrary code with
user privileges. (CVE-2008-2927)
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2927
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
f33a114cbf007f28fd6e8198ca1ebca2
corporate/3.0/i586/gaim-1.5.0-0.2.C30mdk.i586.rpm
36237a65920d5ed005aa3a15a4cd3c56
corporate/3.0/i586/gaim-devel-1.5.0-0.2.C30mdk.i586.rpm
638615c071a4118e4ecbec232930308d
corporate/3.0/i586/gaim-perl-1.5.0-0.2.C30mdk.i586.rpm
c4d0735b587705b70c1423b4a79d89ca
corporate/3.0/i586/gaim-tcl-1.5.0-0.2.C30mdk.i586.rpm
7db03353a62b5de39906113c585c5fb4
corporate/3.0/i586/libgaim-remote0-1.5.0-0.2.C30mdk.i586.rpm
671616d112af90f9cffc359aa08c764f
corporate/3.0/i586/libgaim-remote0-devel-1.5.0-0.2.C30mdk.i586.rpm
43d70b5e7e3dda956660cda4a88e9e8b
corporate/3.0/SRPMS/gaim-1.5.0-0.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
1c01cd160fc75a94efec2aa945e36b35
corporate/3.0/x86_64/gaim-1.5.0-0.2.C30mdk.x86_64.rpm
8262c9b0566cd80792c0bdc937821125
corporate/3.0/x86_64/gaim-devel-1.5.0-0.2.C30mdk.x86_64.rpm
d3ca7daf40fcae4792f3e005e546a1f2
corporate/3.0/x86_64/gaim-perl-1.5.0-0.2.C30mdk.x86_64.rpm
23d7f53561346118cbf3aef045a325a5
corporate/3.0/x86_64/gaim-tcl-1.5.0-0.2.C30mdk.x86_64.rpm
d1f44f583038fe88d01afb1df936072f
corporate/3.0/x86_64/lib64gaim-remote0-1.5.0-0.2.C30mdk.x86_64.rpm
fbb9ef34e9771a666717d6ea45246cf1
corporate/3.0/x86_64/lib64gaim-remote0-devel-1.5.0-0.2.C30mdk.x86_64.rpm
43d70b5e7e3dda956660cda4a88e9e8b
corporate/3.0/SRPMS/gaim-1.5.0-0.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKJniEmqjQ0CJFipgRAmmYAJ9Ws9bVrOxm9QaFSM7UmlpwR4qYSQCfeaER
dMI/55ysmlo17nZXRkr0P2k=
=NIbs
-----END PGP SIGNATURE-----

------------=_1244046269-27111-5016
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1244046269-27111-5016--