Fedora alert FEDORA-2008-9293 (libgadu)
| From: | updates@fedoraproject.org | |
| To: | fedora-package-announce@redhat.com | |
| Subject: | [SECURITY] Fedora 9 Update: libgadu-1.8.2-1.fc9 | |
| Date: | Thu, 30 Oct 2008 12:56:14 +0000 | |
| Message-ID: | <20081030125614.62980208D5F@bastion.fedora.phx.redhat.com> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-9293 2008-10-30 11:49:26 -------------------------------------------------------------------------------- Name : libgadu Product : Fedora 9 Version : 1.8.2 Release : 1.fc9 URL : http://toxygen.net/libgadu/ Summary : A Gadu-gadu protocol compatible communications library Description : libgadu is intended to make it easy to add Gadu-Gadu communication support to your software. -------------------------------------------------------------------------------- Update Information: Security fix for denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. Successful exploitation would require a man-in-the-middle attack or hacking the Gadu-Gadu servers. No known exploits. -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 26 2008 Dominik Mierzejewski <rpm@greysector.net> 1.8.2-1 - updated to 1.8.2 (security update) - preserve timestamps during make install - put defattr at the top of files section (fixes rpmlint error) * Wed Jun 18 2008 Dominik Mierzejewski <rpm@greysector.net> 1.8.1-1 - updated to 1.8.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #468830 - libgadu: contact description buffer overrun vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=468830 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libgadu' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann...