MDKSA-2004:117 - Updated gaim packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: gaim
Advisory ID: MDKSA-2004:117
Date: November 1st, 2004
Affected versions: 10.1
______________________________________________________________________
Problem Description:
A vulnerability in the MSN protocol handler in the gaim instant
messenger application was discovered. When receiving unexpected
sequences of MSNSLP messages, it is possible that an attacker could
trigger an internal buffer overflow which could lead to a crash or
even code execution as the user running gaim.
The updated packages are patched to fix this problem. This problem
does not affect Mandrakelinux 10.0 installations.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0891
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
6b2e6e52fc0e1da0bb75b7301850387e 10.1/RPMS/gaim-0.82.1-2.1.101mdk.i586.rpm
6846eac8a14b5ff6a0a88aa5aad13edf
10.1/RPMS/gaim-devel-0.82.1-2.1.101mdk.i586.rpm
00936e0fc7426aa731249074d09157d9
10.1/RPMS/gaim-festival-0.82.1-2.1.101mdk.i586.rpm
9da5d5523a8b36fc269302f846c90326
10.1/RPMS/gaim-gevolution-0.82.1-2.1.101mdk.i586.rpm
66486b28ed9c1ae2a3c51d83098211e6
10.1/RPMS/gaim-perl-0.82.1-2.1.101mdk.i586.rpm
5fbd3315fa9d0b044f46c3293506d7ef 10.1/RPMS/gaim-tcl-0.82.1-2.1.101mdk.i586.rpm
9234881322236a36a3b150ecaa161fbf
10.1/RPMS/libgaim-remote0-0.82.1-2.1.101mdk.i586.rpm
ff323c8ca35ac7f7d06bf1dc559b0971
10.1/RPMS/libgaim-remote0-devel-0.82.1-2.1.101mdk.i586.rpm
f397ccb1e39cf3db656e5375d1d238b5 10.1/SRPMS/gaim-0.82.1-2.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
0df2813a1751c7a768c4fdff3a191443
x86_64/10.1/RPMS/gaim-0.82.1-2.1.101mdk.x86_64.rpm
39e701d2adf67e1c74bd8b131ede3d5e
x86_64/10.1/RPMS/gaim-devel-0.82.1-2.1.101mdk.x86_64.rpm
22216a8ac0776d8de42d6f5a7de3b427
x86_64/10.1/RPMS/gaim-festival-0.82.1-2.1.101mdk.x86_64.rpm
020f9285bcca532427cfcfd052d96235
x86_64/10.1/RPMS/gaim-gevolution-0.82.1-2.1.101mdk.x86_64.rpm
4de10661d941c2a9dc7f1a64071f868f
x86_64/10.1/RPMS/gaim-perl-0.82.1-2.1.101mdk.x86_64.rpm
92e8ce4e22e77c1235915a0ee68df2ab
x86_64/10.1/RPMS/gaim-tcl-0.82.1-2.1.101mdk.x86_64.rpm
5bf30cddc4f32809a346c2cadef3913a
x86_64/10.1/RPMS/lib64gaim-remote0-0.82.1-2.1.101mdk.x86_64.rpm
38797f001f6811fca52e32319d14923c
x86_64/10.1/RPMS/lib64gaim-remote0-devel-0.82.1-2.1.101mdk.x86_64.rpm
f397ccb1e39cf3db656e5375d1d238b5
x86_64/10.1/SRPMS/gaim-0.82.1-2.1.101mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBhtGkmqjQ0CJFipgRAsoPAKDEMvnlTFXSgDZLVrQkpaqIKfXFkwCgr5zh
LdUWMp21jmF8nn7bv0AZxvw=
=HcqR
-----END PGP SIGNATURE-----