Skip to navigation

Security Advisory gaim security update

Advisory: RHSA-2004:604-05
Type: Security Advisory
Severity: Important
Issued on: 2004-10-20
Last updated on: 2004-10-20
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2004-0891

Details

An updated gaim package that fixes security issues, fixes various bugs, and
includes various enhancements for Red Hat Enterprise Linux 3 is now avaliable.

The gaim application is a multi-protocol instant messaging client.

A buffer overflow has been discovered in the MSN protocol handler. When
receiving unexpected sequence of MSNSLP messages, it is possible that an
attacker could cause an internal buffer overflow, leading to a crash or
possible code execution. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0891 to this issue.

This updated gaim package also fixes multiple user interface, protocol, and
error handling problems, including an ICQ communication encoding issue.

Additionally, these updated packages have compiled gaim as a PIE (position
independent executable) for added protection against future security
vulnerabilities.

All users of gaim should upgrade to this updated package, which includes
various bug fixes, as well as a backported security patch.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
gaim-1.0.1-1.RHEL3.src.rpm
File outdated by:  RHBA-2006:0135
    MD5: bb309fe79e51417111b274e0f5155c83
 
IA-32:
gaim-1.0.1-1.RHEL3.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 2d0e9ad1d407f5efffea2d971ce798d2
 
x86_64:
gaim-1.0.1-1.RHEL3.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: b029fd04d138c71bb2a60153e9254342
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
gaim-1.0.1-1.RHEL3.src.rpm
File outdated by:  RHBA-2006:0135
    MD5: bb309fe79e51417111b274e0f5155c83
 
IA-32:
gaim-1.0.1-1.RHEL3.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 2d0e9ad1d407f5efffea2d971ce798d2
 
IA-64:
gaim-1.0.1-1.RHEL3.ia64.rpm
File outdated by:  RHBA-2006:0135
    MD5: abcc7aa6f38c709bb923f9db5f13599b
 
PPC:
gaim-1.0.1-1.RHEL3.ppc.rpm
File outdated by:  RHBA-2006:0135
    MD5: dfef22e12d377b4b08ef13b213c6a918
 
s390:
gaim-1.0.1-1.RHEL3.s390.rpm
File outdated by:  RHBA-2006:0135
    MD5: 699edb7cfbd252a64e11850bf489ab2f
 
s390x:
gaim-1.0.1-1.RHEL3.s390x.rpm
File outdated by:  RHBA-2006:0135
    MD5: c2b6150317cd865a50b5fc4f94031619
 
x86_64:
gaim-1.0.1-1.RHEL3.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: b029fd04d138c71bb2a60153e9254342
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
gaim-1.0.1-1.RHEL3.src.rpm
File outdated by:  RHBA-2006:0135
    MD5: bb309fe79e51417111b274e0f5155c83
 
IA-32:
gaim-1.0.1-1.RHEL3.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 2d0e9ad1d407f5efffea2d971ce798d2
 
IA-64:
gaim-1.0.1-1.RHEL3.ia64.rpm
File outdated by:  RHBA-2006:0135
    MD5: abcc7aa6f38c709bb923f9db5f13599b
 
x86_64:
gaim-1.0.1-1.RHEL3.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: b029fd04d138c71bb2a60153e9254342
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
gaim-1.0.1-1.RHEL3.src.rpm
File outdated by:  RHBA-2006:0135
    MD5: bb309fe79e51417111b274e0f5155c83
 
IA-32:
gaim-1.0.1-1.RHEL3.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 2d0e9ad1d407f5efffea2d971ce798d2
 
IA-64:
gaim-1.0.1-1.RHEL3.ia64.rpm
File outdated by:  RHBA-2006:0135
    MD5: abcc7aa6f38c709bb923f9db5f13599b
 
x86_64:
gaim-1.0.1-1.RHEL3.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: b029fd04d138c71bb2a60153e9254342
 

Bugs fixed (see bugzilla for more information)

135678 - CAN-2004-0891 MSN protocol buffer overflow.


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/