Security Advisory gaim security update

Advisory: RHSA-2005:365-06
Type: Security Advisory
Severity: Important
Issued on: 2005-04-12
Last updated on: 2005-04-12
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-0965
CVE-2005-0966
CVE-2005-0967

Details

An updated gaim package that fixes multiple denial of service issues is now
available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Gaim application is a multi-protocol instant messaging client.

A buffer overflow bug was found in the way gaim escapes HTML. It is
possible that a remote attacker could send a specially crafted message to a
Gaim client, causing it to crash. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-0965 to this issue.

A bug was found in several of gaim's IRC processing functions. These
functions fail to properly remove various markup tags within an IRC
message. It is possible that a remote attacker could send a specially
crafted message to a Gaim client connected to an IRC server, causing it to
crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0966 to this issue.

A bug was found in gaim's Jabber message parser. It is possible for a
remote Jabber user to send a specially crafted message to a Gaim client,
causing it to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0967 to this issue.

In addition to these denial of service issues, multiple minor upstream
bugfixes are included in this update.

Users of Gaim are advised to upgrade to this updated package, which contains
Gaim version 1.2.1 and is not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
gaim-1.2.1-4.el3.src.rpm
File outdated by:  RHBA-2006:0135
    MD5: 912bf1717773ae1b3c20dc8dca307acf
 
IA-32:
gaim-1.2.1-4.el3.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 63057cd9f2275c3341b9d7e9dd2e220f
 
x86_64:
gaim-1.2.1-4.el3.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: c0a79bf240b5341fcd04a33da6a7fe4c
 
Red Hat Desktop (v. 4)

SRPMS:
gaim-1.2.1-4.el4.src.rpm
File outdated by:  RHBA-2006:0133
    MD5: 7d3925a519acce2b7c401ccce0eeeb8d
 
IA-32:
gaim-1.2.1-4.el4.i386.rpm
File outdated by:  RHBA-2006:0133
    MD5: ba719a662b35380a70b56bae840f28b2
 
x86_64:
gaim-1.2.1-4.el4.x86_64.rpm
File outdated by:  RHBA-2006:0133
    MD5: 08253074848f63d7f6f39120aaf7a84a
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
gaim-1.2.1-4.el3.src.rpm
File outdated by:  RHBA-2006:0135
    MD5: 912bf1717773ae1b3c20dc8dca307acf
 
IA-32:
gaim-1.2.1-4.el3.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 63057cd9f2275c3341b9d7e9dd2e220f
 
IA-64:
gaim-1.2.1-4.el3.ia64.rpm
File outdated by:  RHBA-2006:0135
    MD5: fa954dec92b683493b2734368a286a18
 
PPC:
gaim-1.2.1-4.el3.ppc.rpm
File outdated by:  RHBA-2006:0135
    MD5: 5214e0342271920b5988da126c4f952a
 
s390:
gaim-1.2.1-4.el3.s390.rpm
File outdated by:  RHBA-2006:0135
    MD5: 9886eab67eecb9b03aa8ee6eafe0c99e
 
s390x:
gaim-1.2.1-4.el3.s390x.rpm
File outdated by:  RHBA-2006:0135
    MD5: 6953af21d81fef1c0decf24a95477f2d
 
x86_64:
gaim-1.2.1-4.el3.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: c0a79bf240b5341fcd04a33da6a7fe4c
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
gaim-1.2.1-4.el4.src.rpm
File outdated by:  RHBA-2006:0133
    MD5: 7d3925a519acce2b7c401ccce0eeeb8d
 
IA-32:
gaim-1.2.1-4.el4.i386.rpm
File outdated by:  RHBA-2006:0133
    MD5: ba719a662b35380a70b56bae840f28b2
 
IA-64:
gaim-1.2.1-4.el4.ia64.rpm
File outdated by:  RHBA-2006:0133
    MD5: f05981243b140ea3afce73d1aa9a85e9
 
PPC:
gaim-1.2.1-4.el4.ppc.rpm
File outdated by:  RHBA-2006:0133
    MD5: 7fc6f456880c8eaec5f63bc80dfa60fa
 
s390:
gaim-1.2.1-4.el4.s390.rpm
File outdated by:  RHBA-2006:0133
    MD5: 3043629a036db925c1bbf37ecee0bf33
 
s390x:
gaim-1.2.1-4.el4.s390x.rpm
File outdated by:  RHBA-2006:0133
    MD5: c06c72fea55251d4e97e803ffeb6c49d
 
x86_64:
gaim-1.2.1-4.el4.x86_64.rpm
File outdated by:  RHBA-2006:0133
    MD5: 08253074848f63d7f6f39120aaf7a84a
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
gaim-1.2.1-4.el3.src.rpm
File outdated by:  RHBA-2006:0135
    MD5: 912bf1717773ae1b3c20dc8dca307acf
 
IA-32:
gaim-1.2.1-4.el3.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 63057cd9f2275c3341b9d7e9dd2e220f
 
IA-64:
gaim-1.2.1-4.el3.ia64.rpm
File outdated by:  RHBA-2006:0135
    MD5: fa954dec92b683493b2734368a286a18
 
x86_64:
gaim-1.2.1-4.el3.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: c0a79bf240b5341fcd04a33da6a7fe4c
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
gaim-1.2.1-4.el4.src.rpm
File outdated by:  RHBA-2006:0133
    MD5: 7d3925a519acce2b7c401ccce0eeeb8d
 
IA-32:
gaim-1.2.1-4.el4.i386.rpm
File outdated by:  RHBA-2006:0133
    MD5: ba719a662b35380a70b56bae840f28b2
 
IA-64:
gaim-1.2.1-4.el4.ia64.rpm
File outdated by:  RHBA-2006:0133
    MD5: f05981243b140ea3afce73d1aa9a85e9
 
x86_64:
gaim-1.2.1-4.el4.x86_64.rpm
File outdated by:  RHBA-2006:0133
    MD5: 08253074848f63d7f6f39120aaf7a84a
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
gaim-1.2.1-4.el3.src.rpm
File outdated by:  RHBA-2006:0135
    MD5: 912bf1717773ae1b3c20dc8dca307acf
 
IA-32:
gaim-1.2.1-4.el3.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 63057cd9f2275c3341b9d7e9dd2e220f
 
IA-64:
gaim-1.2.1-4.el3.ia64.rpm
File outdated by:  RHBA-2006:0135
    MD5: fa954dec92b683493b2734368a286a18
 
x86_64:
gaim-1.2.1-4.el3.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: c0a79bf240b5341fcd04a33da6a7fe4c
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
gaim-1.2.1-4.el4.src.rpm
File outdated by:  RHBA-2006:0133
    MD5: 7d3925a519acce2b7c401ccce0eeeb8d
 
IA-32:
gaim-1.2.1-4.el4.i386.rpm
File outdated by:  RHBA-2006:0133
    MD5: ba719a662b35380a70b56bae840f28b2
 
IA-64:
gaim-1.2.1-4.el4.ia64.rpm
File outdated by:  RHBA-2006:0133
    MD5: f05981243b140ea3afce73d1aa9a85e9
 
x86_64:
gaim-1.2.1-4.el4.x86_64.rpm
File outdated by:  RHBA-2006:0133
    MD5: 08253074848f63d7f6f39120aaf7a84a
 
(The unlinked packages above are only available from the Red Hat Network)
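The two checks an administrator wants after reading the Solution section and the package table above are "is the gaim build on this host already at the fixed version?" and "does the RPM I downloaded match the checksum the advisory publishes?". The script below is an added example, not Red Hat's own tooling or part of the advisory. It assumes a simplified port of rpm's version comparison (numeric runs compare as integers, alphabetic runs as strings, numeric beats alpha), takes the fixed builds `gaim-1.2.1-4.el3` / `gaim-1.2.1-4.el4` and the MD5 sums directly from this page, and feeds a constructed byte string where a real run would read the `.rpm` from disk.

```python
"""Post-advisory checks for RHSA-2005:365 (added example, not Red Hat's tooling).

(1) Does the installed gaim build meet the fixed version named in the advisory?
(2) Does a downloaded RPM match the MD5 the advisory publishes for that file?
"""
import hashlib
import re

# Fixed (version, release) per dist tag, taken from the advisory's package list.
FIXED = {"el3": ("1.2.1", "4.el3"), "el4": ("1.2.1", "4.el4")}

# MD5 sums copied from the advisory's "Updated packages" table (i386/x86_64 binaries).
ADVISORY_MD5 = {
    "gaim-1.2.1-4.el3.i386.rpm": "63057cd9f2275c3341b9d7e9dd2e220f",
    "gaim-1.2.1-4.el3.x86_64.rpm": "c0a79bf240b5341fcd04a33da6a7fe4c",
    "gaim-1.2.1-4.el4.i386.rpm": "ba719a662b35380a70b56bae840f28b2",
    "gaim-1.2.1-4.el4.x86_64.rpm": "08253074848f63d7f6f39120aaf7a84a",
}


def _segments(s):
    """Split into the numeric and alphabetic runs that rpm compares segment by segment."""
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Compare two RPM version (or release) strings; returns -1, 0 or 1.

    Simplified port of rpm's rpmvercmp (assumption: no tilde/caret handling):
    numeric runs compare as integers, alpha runs as strings, a numeric run
    beats an alpha run, and on an otherwise equal prefix the longer string wins.
    """
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xn, yn = x.isdigit(), y.isdigit()
        if xn and yn:
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif xn != yn:
            return 1 if xn else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def parse_nevr(nevr):
    """Split 'gaim-1.2.1-4.el3' (as printed by rpm -q) into (name, version, release)."""
    m = re.match(r"^(.*)-([^-]+)-([^-]+)$", nevr)
    if not m:
        raise ValueError("not a name-version-release string: %r" % nevr)
    return m.group(1), m.group(2), m.group(3)


def is_fixed(installed_nevr):
    """True if the installed gaim is at or above the advisory's fixed build for its dist tag."""
    name, ver, rel = parse_nevr(installed_nevr)
    if name != "gaim":
        raise ValueError("advisory concerns gaim, got %r" % name)
    tag = re.search(r"el[34]", rel)
    if tag is None:
        raise ValueError("no RHEL 3/4 dist tag in release %r" % rel)
    fixed_ver, fixed_rel = FIXED[tag.group(0)]
    c = rpmvercmp(ver, fixed_ver)
    if c == 0:
        c = rpmvercmp(rel, fixed_rel)
    return c >= 0


def verify_package(filename, data):
    """Compare the MD5 of the package bytes with the advisory's published checksum.

    Returns 'ok', 'mismatch', or 'unlisted' when the advisory names no such file.
    """
    expected = ADVISORY_MD5.get(filename)
    if expected is None:
        return "unlisted"
    actual = hashlib.md5(data).hexdigest()
    return "ok" if actual == expected else "mismatch"


if __name__ == "__main__":
    # Sample NEVR strings (constructed) in the form rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}' prints.
    for nevr in ("gaim-1.1.4-1.el3", "gaim-1.2.1-4.el3", "gaim-1.2.1-3.el4", "gaim-1.3.0-1.el4"):
        print(nevr, "fixed" if is_fixed(nevr) else "VULNERABLE, apply RHSA-2005:365")
    # Constructed bytes standing in for a downloaded file; a real check reads the .rpm from disk.
    print(verify_package("gaim-1.2.1-4.el3.i386.rpm", b"not the real package"))
```

On a real host the installed string comes from `rpm -q gaim --qf '%{NAME}-%{VERSION}-%{RELEASE}'`, and the file bytes from the downloaded RPM. The MD5 comparison only reproduces the check the advisory's table supports; the stronger check is the GPG signature the advisory says each package carries, which `rpm -K` verifies against Red Hat's key.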

Bugs fixed (see bugzilla for more information)

153311 - CAN-2005-0965 Gaim remote DoS issues (CAN-2005-0966)
153761 - CAN-2005-0967 jabber DoS


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/