| Revision Date: | 2005-08-09 | Version: | 502 |
| Title: | RHSA-2005:627: gaim security update (Critical) |
| Description: | Gaim is an Internet Messaging client.
A heap based buffer overflow issue was discovered in the way Gaim processes away messages. A remote attacker could send a specially crafted away message to a Gaim user logged into AIM or ICQ that could result in arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2103 to this issue.
Daniel Atallah discovered a denial of service issue in Gaim. A remote attacker could attempt to upload a file with a specially crafted name to a user logged into AIM or ICQ, causing Gaim to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2102 to this issue.
A denial of service bug was found in Gaim's Gadu Gadu protocol handler. A remote attacker could send a specially crafted message to a Gaim user logged into Gadu Gadu, causing Gaim to crash. Please note that this issue only affects PPC and IBM S/390 systems running Gaim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2370 to this issue.
Users of gaim are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2005-2102
CVE-2005-2103
CVE-2005-2370
RHSA-2005:627-01
|
| Platform(s): | Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
| Product(s): | |
| Definition Synopsis |
| Release Information Red Hat Enterprise Linux 3 is installed
AND gaim is earlier than 1:1.3.1-0.el3.3
AND gaim is signed with Red Hat master key
OR Package Information
Red Hat Enterprise Linux 4 is installed
AND gaim is earlier than 1:1.3.1-0.el4.3
AND gaim is signed with Red Hat master key
|