| Revision Date: | 2005-04-12 | Version: | 502 |
| Title: | RHSA-2005:365: gaim security update (Important) |
| Description: | The Gaim application is a multi-protocol instant messaging client.
A buffer overflow bug was found in the way gaim escapes HTML. It is possible that a remote attacker could send a specially crafted message to a Gaim client, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0965 to this issue.
A bug was found in several of gaim's IRC processing functions. These functions fail to properly remove various markup tags within an IRC message. It is possible that a remote attacker could send a specially crafted message to a Gaim client connected to an IRC server, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0966 to this issue.
A bug was found in gaim's Jabber message parser. It is possible for a remote Jabber user to send a specially crafted message to a Gaim client, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0967 to this issue.
In addition to these denial of service issues, multiple minor upstream bugfixes are included in this update.
Users of Gaim are advised to upgrade to this updated package which contains Gaim version 1.2.1 and is not vulnerable to these issues.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2005-0965
CVE-2005-0966
CVE-2005-0967
RHSA-2005:365-01
|
| Platform(s): | Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
| Product(s): | |
| Definition Synopsis |
| Release Information Red Hat Enterprise Linux 3 is installed
AND gaim is earlier than 1:1.2.1-4.el3
AND gaim is signed with Red Hat master key
OR Package Information
Red Hat Enterprise Linux 4 is installed
AND gaim is earlier than 1:1.2.1-4.el4
AND gaim is signed with Red Hat master key
|