LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New gaim packages fix denial of service Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 734-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 5th, 2005                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gaim
Vulnerability  : denial of service
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-1269 CAN-2005-1934

Two denial of service problems have been discovered in Gaim, a
multi-protocol instant messaging client.  The Common Vulnerabilities
and Exposures project identifies the following problems:

CAN-2005-1269

    A malformed Yahoo filename can result in a crash of the application.

CAN-2005-1934

    A malformed MSN message can lead to incorrect memory allocation
    resulting in a crash of the application.

The old stable distribution (woody) does not seem to be affected.

For the stable distribution (sarge) these problems have been fixed in
version 1.2.1-1.3.

For the unstable distribution (sid) these problems have been fixed in
version 1.3.1-1.

We recommend that you upgrade your gaim package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3.dsc
      Size/MD5 checksum:      915 08a8121dcf20f0e36c99468cbaaac002
    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3.diff.gz
      Size/MD5 checksum:    31431 09e9da9c18435f6d667c6e80c9ab26d0
    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1.orig.tar.gz
      Size/MD5 checksum:  5215565 866598947a30005c9d2a4466c7182e2a

  Architecture independent components:

    http://security.debian.org/pool/updates/main/g/gaim/gaim-data_1.2.1-1.3_all.deb
      Size/MD5 checksum:  2838688 76c3d0b41415b4cb2d1edb3ed1d5f2c1

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_alpha.deb
      Size/MD5 checksum:  1068836 99128d827c71cb5a35aeffc9825bc6da
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_alpha.deb
      Size/MD5 checksum:   102376 8964c622cba173c9ba8cc8ef7983cf5f

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_arm.deb
      Size/MD5 checksum:   817872 7ee2f80c4b85f8ea12880d2ad0e7621d
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_arm.deb
      Size/MD5 checksum:   102396 e9fde25b9022a9deef7fcb261f5244e4

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_i386.deb
      Size/MD5 checksum:   879304 02c7ea4fc0221adf68ba5cdb565577dd
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_i386.deb
      Size/MD5 checksum:   102456 a28253b1296809d8b550824071a56e0f

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_ia64.deb
      Size/MD5 checksum:  1264300 90f0e5fe37360d51b657b34efb10d1fd
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_ia64.deb
      Size/MD5 checksum:   102366 b87cebb6c4baac35150397e410f275ea

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_hppa.deb
      Size/MD5 checksum:  1006988 f752b9a1ffe56551ca7be8788cd276e2
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_hppa.deb
      Size/MD5 checksum:   102416 b5fe26c4a7dc7e0f587ffe96303f4573

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_m68k.deb
      Size/MD5 checksum:   815860 7ee86bf4293389262fa6cfb4fbc67f19
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_m68k.deb
      Size/MD5 checksum:   102492 374e90c3d09183b34d010fcd350ec8c6

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_mips.deb
      Size/MD5 checksum:   855152 dc79ea02eadb95e5c047b73726852079
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_mips.deb
      Size/MD5 checksum:   102436 2d87357f298bb0257fa67feaacb52d81

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_mipsel.deb
      Size/MD5 checksum:   846430 3d45b57cf061fe01ceba0ac0ac1d1e83
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_mipsel.deb
      Size/MD5 checksum:   102378 dc0bd0059286063cc07474fdf59a69b3

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_powerpc.deb
      Size/MD5 checksum:   913466 05eebe5e52d3b6eceacecf46d68fe077
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_powerpc.deb
      Size/MD5 checksum:   102372 046b702811efab2bd95db4ea7d944099

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_s390.deb
      Size/MD5 checksum:   946232 876000b9f88e639426c6690ab73740d0
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_s390.deb
      Size/MD5 checksum:   102368 fe438d64fd244c2af559be56fde54090

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_sparc.deb
      Size/MD5 checksum:   850740 451213584a4ded0cc848ef96b91aebb0
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_sparc.deb
      Size/MD5 checksum:   102384 62f0b8409fa18b8edcf069c7c59f8279


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.