LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for November 27, 2008

LWN.net Weekly Edition for November 20, 2008

MinGW and why Linux users should care

LWN.net Weekly Edition for November 13, 2008

NLUUG/ELCE: Embedded devices and free software

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Ubuntu alert USN-106-1 (gaim)



From:
    	      Martin Pitt <martin.pitt@canonical.com>


To:
    	      ubuntu-security-announce@lists.ubuntu.com


Subject:
    	      [USN-106-1] Gaim vulnerabilities


Date:
    	      Tue, 5 Apr 2005 15:07:17 +0200


Cc:
    	      full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com


===========================================================
Ubuntu Security Notice USN-106-1	     April 05, 2005
gaim vulnerabilities
CAN-2005-0965, CAN-2005-0966
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

gaim

The problem can be corrected by upgrading the affected package to
version 1:1.0.0-1ubuntu1.3. You have to restart gaim after a standard
system upgrade to effect the necessary changes. 

Details follow:

Jean-Yves Lefort discovered a buffer overflow in the
gaim_markup_strip_html() function. This caused Gaim to crash when
receiving certain malformed HTML messages. (CAN-2005-0965)

Jean-Yves Lefort also noticed that many functions that handle IRC
commands do not escape received HTML metacharacters; this allowed
remote attackers to cause a Denial of Service by injecting arbitrary
HTML code into the conversation window, popping up arbitrarily many
empty dialog boxes, or even causing Gaim to crash. (CAN-2005-0966)

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1...
      Size/MD5:    44905 d03a90434a68d12eb361fd9fbfca7d91

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1...
      Size/MD5:      853 7da3670bdef956122725699e38775026
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1...
      Size/MD5:  6985979 7dde686aace751a49dce734fd0cb7ace

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)


http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1...
      Size/MD5:  3444332 f844c3edb768a56d5404589b9c42651b

  i386 architecture (x86 compatible Intel/AMD)


http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1...
      Size/MD5:  3354832 61ef71028ec730ee598d889a75588189

  powerpc architecture (Apple Macintosh G3/G4/G5)


http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1...
      Size/MD5:  3418174 e0d906d95a46f99de375efabbe713781

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-...
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds