Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in gaim
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in gaim
ID: USN-168-1
Distribution: Ubuntu
Plattformen: Ubuntu 4.10, Ubuntu 5.04
Datum: Sa, 13. August 2005, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2370
Applikationen: Pidgin

Originalnachricht

 
--===============0254415795=	protocol="application/pgp-signature";
 boundary="W/nzBZO5zC0uMSeA"
Content-Disposition: inline


--W/nzBZO5zC0uMSeA
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

===========================================================
Ubuntu Security Notice USN-168-1	    August 12, 2005
gaim vulnerabilities
CAN-2005-2102, CAN-2005-2103, CAN-2005-2370
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

gaim

The problem can be corrected by upgrading the affected package to
version 1:1.0.0-1ubuntu1.8 (for Ubuntu 4.10), or 1:1.1.4-1ubuntu4.4
(for Ubuntu 5.04).  After performing a standard system upgrade you
need to restart Gaim to effect the necessary changes.

Details follow:

Daniel Atallah discovered a Denial of Service vulnerability in the
file transfer handler of OSCAR (the module that handles various
instant messaging protocols like ICQ). A remote attacker could crash
the Gaim client of an user by attempting to send him a file with
a name that contains invalid UTF-8 characters. (CAN-2005-2102)

It was found that specially crafted "away" messages triggered a buffer
overflow. A remote attacker could exploit this to crash the Gaim
client or possibly even execute arbitrary code with the permissions of
the Gaim user. (CAN-2005-2103)

Szymon Zygmunt and Micha=C5=82 Bartoszkiewicz discovered a memory alignment
error in the Gadu library, which was fixed in USN-162-1. However, it
was discovered that Gaim contains a copy of the vulnerable code. By
sending specially crafted messages over the Gadu protocol, a remote
attacker could crash Gaim. (CAN-2005-2370)

Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    gaim_1.0.0-1ubuntu1.8.diff.gz
      Size/MD5:    49554 19d8f02e32c2bfbb781961bc4b29b6c6
    gaim_1.0.0-1ubuntu1.8.dsc
      Size/MD5:      853 07f788c5d240af40778e4b84a280b7e8
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz
      Size/MD5:  6985979 7dde686aace751a49dce734fd0cb7ace

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    gaim_1.0.0-1ubuntu1.8_amd64.deb
      Size/MD5:  3445098 39cc6718175688a9eb1c618552bd1144

  i386 architecture (x86 compatible Intel/AMD)

    gaim_1.0.0-1ubuntu1.8_i386.deb
      Size/MD5:  3355494 484ba99bfb13a57b46c2ac1bac02d4a7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    gaim_1.0.0-1ubuntu1.8_powerpc.deb
      Size/MD5:  3418764 7e6a6f488a4c9ea5f7df9ead0e9374c5

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    gaim_1.1.4-1ubuntu4.4.diff.gz
      Size/MD5:   109435 fbb5c0bb0acf56ae1b30b883d434091a
    gaim_1.1.4-1ubuntu4.4.dsc
      Size/MD5:      991 231442b5411b0b85206a8c11072eb938
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4.orig.tar.gz
      Size/MD5:  5188552 b55bf3217b271918384f3f015a6e5b62

  Architecture independent packages:

    gaim-data_1.1.4-1ubuntu4.4_all.deb
      Size/MD5:   603832 187b963e949e4f2d7f72562a6c1c9842

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    gaim-dev_1.1.4-1ubuntu4.4_amd64.deb
      Size/MD5:   101638 6e5f72417c9d69abf0fc2088d5daf583
    gaim_1.1.4-1ubuntu4.4_amd64.deb
      Size/MD5:   934286 739c508464a48d5fdbd3135354f23832

  i386 architecture (x86 compatible Intel/AMD)

    gaim-dev_1.1.4-1ubuntu4.4_i386.deb
      Size/MD5:   101638 66c79b84fe8ba9e3157c135749244b1b
    gaim_1.1.4-1ubuntu4.4_i386.deb
      Size/MD5:   845702 66e2879305e03414e5e3f12ac4d6b863

  powerpc architecture (Apple Macintosh G3/G4/G5)

    gaim-dev_1.1.4-1ubuntu4.4_powerpc.deb
      Size/MD5:   101638 31ffb30d793c1d0913777c431f284441
    gaim_1.1.4-1ubuntu4.4_powerpc.deb
      Size/MD5:   910546 29bdc18bf2b6e4d97e708802a39dde85

--W/nzBZO5zC0uMSeA
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC/K6BDecnbV4Fd/IRApSEAJ4jStAztQ9Nuu6jb/GaK0PRfD9/vACeK9Zw
A7eEBiBc7e+/QuM56YSK7fc=
=sp6s
-----END PGP SIGNATURE-----

--W/nzBZO5zC0uMSeA--


--===============0254415795=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce



--===============0254415795==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung