<<< Date Index >>>     <<< Thread Index >>>

[PLSN-0002] - Multiple vulnerabilities in Gaim



---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0002
April 20, 2005

Multiple remote vulnerabilities in Gaim
CAN-2005-0965, CAN-2005-0966, CAN-2005-0967, CAN-2005-0208, CAN-2005-0473,
CAN-2005-0472
---------------------------------------------------------------------------

The following Peachtree Linux releases are affected:

   Peachtree Linux release 1 ("Atlanta")

Description:

   CAN-2005-0965:  The gaim_markup_strip_html function in Gaim 1.2.0, and
   possibly earlier versions, allows remote attackers to cause a denial of
   service (application crash) via a string that contains malformed HTML,
   which causes an out-of-bounds read.

   CAN-2005-0966:  The IRC protocol plugin in Gaim 1.2.0, and possibly
   earlier versions, allows (1) remote attackers to inject arbitrary Gaim
   markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2)
   remote attackers to inject arbitrary Pango markup and pop up empty
   dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause
   a denial of service (application crash) by injecting certain Pango
   markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown,
   irc_msg_nochan functions.

   CAN-2005-0967:  Gaim 1.2.0 allows remote attackers to cause a denial
   of service (application crash) via a malformed file transfer request
   to a Jabber user, which leads to an out-of-bounds read.

   CAN-2005-0208:  The HTML parsing functions in Gaim before 1.1.4 allow
   remote attackers to cause a denial of service (application crash) via
   malformed HTML that causes "an invalid memory access," a different
   vulnerability than CAN-2005-0473.

   CAN-2005-0473:  The HTML parsing functions in Gaim before 1.1.3 allow
   remote attackers to cause a denial of service (application crash) via
   malformed HTML that causes "an invalid memory access," a different
   vulnerability than CAN-2005-0208.

   CAN-2005-0472:  Gaim before 1.1.3 allows remote attackers to cause a
   denial of service (infinite loop) via malformed SNAC packets from (1)
   AIM or (2) ICQ.

Packages:

   Download the updated gaim package for your release of Peachtree Linux
   and your host architecture.  The main updates site is:

      http://peachtree.burdell.org/updates/

   Updated packages available for Peachtree Linux release 1 ("Atlanta"):

      alpha
         4aadbdb96b4ce84d636bebc9a91cca26  gaim-1.2.1.alpha.dist

      i386
         5b00656d3f2bf2ce224ef8df96361d32  gaim-1.2.1.i686.dist

      ppc
         5378ffd8f0b31d3bb3fa40cded1429b0  gaim-1.2.1.ppc.dist

Solution:

   Download the appropriate package for your release of Peachtree Linux.
   Upgrade your system to the new package:

      distadd -u packagename

   Where packagename is the name of the package file from the list above.

   After installation of the new package, kill any running gaim processes
   and reload the application.

-- 
Peachtree Linux Security Team
http://peachtree.burdell.org/

Attachment: pgpr4ippcZGfT.pgp
Description: PGP signature