blob: fa5d25b6a1044a7555fbf7b9ba774ff4a7c468ad (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
<title>Debian testing security team - Advisory</title>
<link type="text/css" rel="stylesheet" href="../style.css">
<link rel="shortcut icon" href="http://www.debian.org/favicon.ico">
</head>
<body>
<div align="center">
<a href="http://www.debian.org/">
<img src="http://www.debian.org/logos/openlogo-nd-50.png" border="0" hspace="0" vspace="0" alt=""></a>
<a href="http://www.debian.org/">
<img src="http://www.debian.org/Pics/debian.png" border="0" hspace="0" vspace="0" alt="Debian Project"></a>
</div>
<br />
<table class="reddy" width="100%">
<tr>
<td class="reddy">
<img src="http://www.debian.org/Pics/red-upperleft.png" align="left" border="0" hspace="0" vspace="0"
alt="" width="15" height="16"></td>
<td rowspan="2" class="reddy">Debian testing security team - Advisory</td>
<td class="reddy">
<img src="http://www.debian.org/Pics/red-upperright.png" align="right" border="0" hspace="0" vspace="0"
alt="" width="16" height="16"></td>
</tr>
<tr>
<td class="reddy">
<img src="http://www.debian.org/Pics/red-lowerleft.png" align="left" border="0" hspace="0" vspace="0"
alt="" width="16" height="16"></td>
<td class="reddy">
<img src="http://www.debian.org/Pics/red-lowerright.png" align="right" border="0" hspace="0" vspace="0"
alt="" width="15" height="16"></td>
</tr>
</table>
<!-- header -->
<h2>DTSA-5-1</h2>
<dl>
<dt>Date Reported:</dt>
<dd>August 28th, 2005</dd>
<dt>Affected Package:</dt>
<dd><a href='http://packages.debian.org/src:gaim'>gaim</a></dd>
<dt>Vulnerability:</dt>
<dd>multiple remote vulnerabilities</dd>
<dt>Problem-Scope:</dt>
<dd>remote</dd>
<dt>Debian-specific:</dt>
<dd>No<br></dd>
<dt>CVE:</dt>
<dd>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2102'>CVE-2005-2102</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2370'>CVE-2005-2370</a>
<a href='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2103'>CVE-2005-2103</a>
<br></dd>
<br><dt>More information:</dt>
<dd>Multiple security holes were found in gaim: <br>
<br>
CVE-2005-2102 <br>
<br>
The AIM/ICQ module in Gaim allows remote attackers to cause a denial of <br>
service (application crash) via a filename that contains invalid UTF-8 <br>
characters. <br>
<br>
CVE-2005-2370 <br>
<br>
Multiple memory alignment errors in libgadu, as used in gaim and other <br>
packages, allow remote attackers to cause a denial of service (bus error) <br>
on certain architectures such as SPARC via an incoming message. <br>
<br>
CVE-2005-2103 <br>
<br>
Buffer overflow in the AIM and ICQ module in Gaim allows remote attackers <br>
to cause a denial of service (application crash) and possibly execute <br>
arbitrary code via an away message with a large number of AIM substitution <br>
strings, such as %t or %n. <br>
</dd>
<br><dt>For the testing distribution (etch) this is fixed in version 1:1.4.0-5etch2</dt>
<dt>For the unstable distribution (sid) this is fixed in version 1:1.4.0-5</dt>
<br><dt>This upgrade is recommended if you use gaim.<dt>
<br><dt>If you have the secure testing lines in your sources.list, you can update by running this command as root:</dt>
<dd>apt-get update && apt-get install gaim</dd>
<br>
<dt>The Debian testing security team does not track security issues for then stable (sarge) and oldstable (woody) distributions. If stable is vulnerable, the Debian security team will make an announcement once a fix is ready.</dt>
<br>
<dt>To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:<dt>
<br>
<dd>deb http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd>
<dd>deb-src http://secure-testing.debian.net/debian-secure-testing etch/security-updates main contrib non-free</dd>
<br>
<dt>The archive signing key can be downloaded from<dt>
<dd><a href='http://testing-security.debian.net/ziyi-2005-7.asc'>http://testing-security.debian.net/ziyi-2005-7.asc</a><dd>
<br>
<dt>For further information about the Debian testing security team, please refer to <a href='http://testing-security.debian.net/'>http://testing-security.debian.net/</a></dt>
<!-- footer -->
<hr>
<a href="http://validator.w3.org/check?uri=referer">
<img border="0" src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" height="31" width="88"></a>
<a href="http://jigsaw.w3.org/css-validator/check/referer">
<img border="0" src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!"
height="31" width="88"></a>
</body></html>
|
