
Security Advisory: gaim security update

Advisory: RHSA-2005:215-11
Type: Security Advisory
Severity: Important
Issued on: 2005-03-10
Last updated on: 2005-03-10
Affected Products:
    Red Hat Desktop (v. 3)
    Red Hat Desktop (v. 4)
    Red Hat Enterprise Linux AS (v. 3)
    Red Hat Enterprise Linux AS (v. 4)
    Red Hat Enterprise Linux ES (v. 3)
    Red Hat Enterprise Linux ES (v. 4)
    Red Hat Enterprise Linux WS (v. 3)
    Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org):
    CVE-2005-0208
    CVE-2005-0472
    CVE-2005-0473

Details

An updated gaim package that fixes various security issues as well as a
number of bugs is now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Gaim application is a multi-protocol instant messaging client.

Two HTML parsing bugs were discovered in Gaim. It is possible that a remote
attacker could send a specially crafted message to a Gaim client, causing
it to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2005-0208 and CAN-2005-0473 to
these issues.

A bug in the way Gaim processes SNAC packets was discovered. It is
possible that a remote attacker could send a specially crafted SNAC packet
to a Gaim client, causing the client to stop responding. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0472 to this issue.

Additionally, various client crashes, memory leaks, and protocol issues
have been resolved.

Users of Gaim are advised to upgrade to this updated package which contains
Gaim version 1.1.4 and is not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/
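
To confirm the update reached every host, the following added example (not part of the original advisory) audits a collected package inventory and flags any gaim older than the fixed 1.1.4. The host names, the inventory layout and every version other than 1.1.4 are constructed for illustration, and the version comparison is a simplified stand-in for rpm's own.

```shell
#!/bin/sh
# Added example: flag hosts whose gaim predates the fixed version in this advisory.
FIXED_VERSION="1.1.4"   # version the advisory says is not vulnerable

# ver_lt A B: succeed when dotted version A is older than B.
# Assumption: only the leading digits of each component are compared,
# which is simpler than rpm's own version comparison.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# audit_inventory: stdin holds "host name version release" lines, one per host,
# gathered with: rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' gaim
audit_inventory() {
    while read -r host name version release; do
        # "package gaim is not installed" lines have name=package; skip them
        [ "$name" = "gaim" ] || continue
        if ver_lt "$version" "$FIXED_VERSION"; then
            printf '%s VULNERABLE gaim-%s-%s\n' "$host" "$version" "$release"
        fi
    done
}

# Constructed inventory: host names and all versions except 1.1.4 are made up.
sample_inventory() {
    cat <<'EOF'
ws01 gaim 1.1.4 1.EL4
ws02 gaim 1.0.2 1
ws03 gaim 0.75 3
ws04 gaim 1.10.0 1
ws05 package gaim is not installed
EOF
}

sample_inventory | audit_inventory
```

Comparing only the upstream version works here because this erratum ships Gaim 1.1.4 itself; for errata that backport a fix into an older upstream version, compare the full version and release instead.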

Updated packages

Red Hat Desktop (v. 3)

IA-32:
gaim-1.1.4-1.EL3.1.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 218ff6d08503544284b364936d3e0190
 
x86_64:
gaim-1.1.4-1.EL3.1.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: 07d199a6d844c82d24ecdbdfa5e1b261
 
Red Hat Desktop (v. 4)

IA-32:
gaim-1.1.4-1.EL4.i386.rpm
File outdated by:  RHBA-2006:0133
    MD5: 2094ebb0841241f3e1e93746eb9f866f
 
x86_64:
gaim-1.1.4-1.EL4.x86_64.rpm
File outdated by:  RHBA-2006:0133
    MD5: 01bf8fe852d882f007be5e7dc0da9326
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
gaim-1.1.4-1.EL3.1.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 218ff6d08503544284b364936d3e0190
 
IA-64:
gaim-1.1.4-1.EL3.1.ia64.rpm
File outdated by:  RHBA-2006:0135
    MD5: 83c88870e4f7768d31d4d49080cd7ee7
 
PPC:
gaim-1.1.4-1.EL3.1.ppc.rpm
File outdated by:  RHBA-2006:0135
    MD5: ed065290789b7c1b853b48190196e489
 
s390:
gaim-1.1.4-1.EL3.1.s390.rpm
File outdated by:  RHBA-2006:0135
    MD5: 661cb60fd773860efd3b650ef71dbbdc
 
s390x:
gaim-1.1.4-1.EL3.1.s390x.rpm
File outdated by:  RHBA-2006:0135
    MD5: 37328ca4a27e3c723728b52250b55ecc
 
x86_64:
gaim-1.1.4-1.EL3.1.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: 07d199a6d844c82d24ecdbdfa5e1b261
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
gaim-1.1.4-1.EL4.i386.rpm
File outdated by:  RHBA-2006:0133
    MD5: 2094ebb0841241f3e1e93746eb9f866f
 
IA-64:
gaim-1.1.4-1.EL4.ia64.rpm
File outdated by:  RHBA-2006:0133
    MD5: ab04967c0d74ff2bf06357e4f28d8926
 
PPC:
gaim-1.1.4-1.EL4.ppc.rpm
File outdated by:  RHBA-2006:0133
    MD5: ab7f56bd3e2dcc698bdd7891c1d2e7b7
 
s390:
gaim-1.1.4-1.EL4.s390.rpm
File outdated by:  RHBA-2006:0133
    MD5: fe5232ce6fe076d36be9661456bc8adc
 
s390x:
gaim-1.1.4-1.EL4.s390x.rpm
File outdated by:  RHBA-2006:0133
    MD5: f9bcc40e04a4292946438d39d52b01fc
 
x86_64:
gaim-1.1.4-1.EL4.x86_64.rpm
File outdated by:  RHBA-2006:0133
    MD5: 01bf8fe852d882f007be5e7dc0da9326
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
gaim-1.1.4-1.EL3.1.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 218ff6d08503544284b364936d3e0190
 
IA-64:
gaim-1.1.4-1.EL3.1.ia64.rpm
File outdated by:  RHBA-2006:0135
    MD5: 83c88870e4f7768d31d4d49080cd7ee7
 
x86_64:
gaim-1.1.4-1.EL3.1.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: 07d199a6d844c82d24ecdbdfa5e1b261
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
gaim-1.1.4-1.EL4.i386.rpm
File outdated by:  RHBA-2006:0133
    MD5: 2094ebb0841241f3e1e93746eb9f866f
 
IA-64:
gaim-1.1.4-1.EL4.ia64.rpm
File outdated by:  RHBA-2006:0133
    MD5: ab04967c0d74ff2bf06357e4f28d8926
 
x86_64:
gaim-1.1.4-1.EL4.x86_64.rpm
File outdated by:  RHBA-2006:0133
    MD5: 01bf8fe852d882f007be5e7dc0da9326
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
gaim-1.1.4-1.EL3.1.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 218ff6d08503544284b364936d3e0190
 
IA-64:
gaim-1.1.4-1.EL3.1.ia64.rpm
File outdated by:  RHBA-2006:0135
    MD5: 83c88870e4f7768d31d4d49080cd7ee7
 
x86_64:
gaim-1.1.4-1.EL3.1.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: 07d199a6d844c82d24ecdbdfa5e1b261
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
gaim-1.1.4-1.EL4.i386.rpm
File outdated by:  RHBA-2006:0133
    MD5: 2094ebb0841241f3e1e93746eb9f866f
 
IA-64:
gaim-1.1.4-1.EL4.ia64.rpm
File outdated by:  RHBA-2006:0133
    MD5: ab04967c0d74ff2bf06357e4f28d8926
 
x86_64:
gaim-1.1.4-1.EL4.x86_64.rpm
File outdated by:  RHBA-2006:0133
    MD5: 01bf8fe852d882f007be5e7dc0da9326
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

149273 - CAN-2005-0472 Gaim DoS issues (CAN-2005-0473)
149533 - CAN-2005-0208 Gaim HTML parsing DoS



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/