| Revision Date: | 2005-05-11 | Version: | 502 |
| Title: | RHSA-2005:429: gaim security update (Critical) |
| Description: | The Gaim application is a multi-protocol instant messaging client.
A stack based buffer overflow bug was found in the way gaim processes a message containing a URL. A remote attacker could send a carefully crafted message resulting in the execution of arbitrary code on a victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1261 to this issue.
A bug was found in the way gaim handles malformed MSN messages. A remote attacker could send a carefully crafted MSN message causing gaim to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1262 to this issue.
Users of Gaim are advised to upgrade to this updated package which contains backported patches and is not vulnerable to these issues.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2005-1261
CVE-2005-1262
RHSA-2005:429-01
|
| Platform(s): | Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
| Product(s): | |
| Definition Synopsis |
| Release Information Red Hat Enterprise Linux 3 is installed
AND gaim is earlier than 1:1.2.1-6.el3
AND gaim is signed with Red Hat master key
OR Package Information
Red Hat Enterprise Linux 4 is installed
AND gaim is earlier than 1:1.2.1-6.el4
AND gaim is signed with Red Hat master key
|