Security Advisory: gaim security update

Advisory: RHSA-2005:518-03
Type: Security Advisory
Severity: Moderate
Issued on: 2005-06-16
Last updated on: 2005-06-16
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-1269
CVE-2005-1934

Details

An updated gaim package that fixes two denial of service issues is now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The Gaim application is a multi-protocol instant messaging client.

Jacopo Ottaviani discovered a bug in the way Gaim handles Yahoo! Messenger
file transfers. It is possible for a malicious user to send a specially
crafted file transfer request that causes Gaim to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1269 to this issue.

Additionally, Hugo de Bokkenrijder discovered a bug in the way Gaim parses
MSN Messenger messages. It is possible for a malicious user to send a
specially crafted MSN Messenger message that causes Gaim to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-1934 to this issue.

Users of gaim are advised to upgrade to this updated package, which contains
version 1.3.1 and is not vulnerable to these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
gaim-1.3.1-0.el3.src.rpm
File outdated by:  RHBA-2006:0135
    MD5: 6e3487b80f03bbbebc60b691ca140292
 
IA-32:
gaim-1.3.1-0.el3.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 28008d055a4e79ed522e10f0c50dc662
 
x86_64:
gaim-1.3.1-0.el3.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: df11ddc642891aa0c6ed61621dd301ec
 
Red Hat Desktop (v. 4)

SRPMS:
gaim-1.3.1-0.el4.src.rpm
File outdated by:  RHBA-2006:0133
    MD5: acf732c6f6d85a78c86db1baa79ca5f4
 
IA-32:
gaim-1.3.1-0.el4.i386.rpm
File outdated by:  RHBA-2006:0133
    MD5: e0511ae1b636292034a7b4c14af1825c
 
x86_64:
gaim-1.3.1-0.el4.x86_64.rpm
File outdated by:  RHBA-2006:0133
    MD5: b1ca26e267afa4bc370c1c6bceb895f6
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
gaim-1.3.1-0.el3.src.rpm
File outdated by:  RHBA-2006:0135
    MD5: 6e3487b80f03bbbebc60b691ca140292
 
IA-32:
gaim-1.3.1-0.el3.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 28008d055a4e79ed522e10f0c50dc662
 
IA-64:
gaim-1.3.1-0.el3.ia64.rpm
File outdated by:  RHBA-2006:0135
    MD5: e47396490f16e145080a04f3964cff85
 
PPC:
gaim-1.3.1-0.el3.ppc.rpm
File outdated by:  RHBA-2006:0135
    MD5: eb0c29e0807f7f466d17138bbd92aecd
 
s390:
gaim-1.3.1-0.el3.s390.rpm
File outdated by:  RHBA-2006:0135
    MD5: bec845ba4dccde9375d8a875a953510e
 
s390x:
gaim-1.3.1-0.el3.s390x.rpm
File outdated by:  RHBA-2006:0135
    MD5: 3fff9511488e4303d1526b934698a8ed
 
x86_64:
gaim-1.3.1-0.el3.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: df11ddc642891aa0c6ed61621dd301ec
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
gaim-1.3.1-0.el4.src.rpm
File outdated by:  RHBA-2006:0133
    MD5: acf732c6f6d85a78c86db1baa79ca5f4
 
IA-32:
gaim-1.3.1-0.el4.i386.rpm
File outdated by:  RHBA-2006:0133
    MD5: e0511ae1b636292034a7b4c14af1825c
 
IA-64:
gaim-1.3.1-0.el4.ia64.rpm
File outdated by:  RHBA-2006:0133
    MD5: c26accad6a53da3e70df6477b8b01b16
 
PPC:
gaim-1.3.1-0.el4.ppc.rpm
File outdated by:  RHBA-2006:0133
    MD5: ef64f758b59c02929996b3d26c6f2fba
 
s390:
gaim-1.3.1-0.el4.s390.rpm
File outdated by:  RHBA-2006:0133
    MD5: 5841165c10a1c583b9159a74b1deea76
 
s390x:
gaim-1.3.1-0.el4.s390x.rpm
File outdated by:  RHBA-2006:0133
    MD5: 12a2890b8e73f6c915177f40305cde6b
 
x86_64:
gaim-1.3.1-0.el4.x86_64.rpm
File outdated by:  RHBA-2006:0133
    MD5: b1ca26e267afa4bc370c1c6bceb895f6
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
gaim-1.3.1-0.el3.src.rpm
File outdated by:  RHBA-2006:0135
    MD5: 6e3487b80f03bbbebc60b691ca140292
 
IA-32:
gaim-1.3.1-0.el3.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 28008d055a4e79ed522e10f0c50dc662
 
IA-64:
gaim-1.3.1-0.el3.ia64.rpm
File outdated by:  RHBA-2006:0135
    MD5: e47396490f16e145080a04f3964cff85
 
x86_64:
gaim-1.3.1-0.el3.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: df11ddc642891aa0c6ed61621dd301ec
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
gaim-1.3.1-0.el4.src.rpm
File outdated by:  RHBA-2006:0133
    MD5: acf732c6f6d85a78c86db1baa79ca5f4
 
IA-32:
gaim-1.3.1-0.el4.i386.rpm
File outdated by:  RHBA-2006:0133
    MD5: e0511ae1b636292034a7b4c14af1825c
 
IA-64:
gaim-1.3.1-0.el4.ia64.rpm
File outdated by:  RHBA-2006:0133
    MD5: c26accad6a53da3e70df6477b8b01b16
 
x86_64:
gaim-1.3.1-0.el4.x86_64.rpm
File outdated by:  RHBA-2006:0133
    MD5: b1ca26e267afa4bc370c1c6bceb895f6
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
gaim-1.3.1-0.el3.src.rpm
File outdated by:  RHBA-2006:0135
    MD5: 6e3487b80f03bbbebc60b691ca140292
 
IA-32:
gaim-1.3.1-0.el3.i386.rpm
File outdated by:  RHBA-2006:0135
    MD5: 28008d055a4e79ed522e10f0c50dc662
 
IA-64:
gaim-1.3.1-0.el3.ia64.rpm
File outdated by:  RHBA-2006:0135
    MD5: e47396490f16e145080a04f3964cff85
 
x86_64:
gaim-1.3.1-0.el3.x86_64.rpm
File outdated by:  RHBA-2006:0135
    MD5: df11ddc642891aa0c6ed61621dd301ec
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
gaim-1.3.1-0.el4.src.rpm
File outdated by:  RHBA-2006:0133
    MD5: acf732c6f6d85a78c86db1baa79ca5f4
 
IA-32:
gaim-1.3.1-0.el4.i386.rpm
File outdated by:  RHBA-2006:0133
    MD5: e0511ae1b636292034a7b4c14af1825c
 
IA-64:
gaim-1.3.1-0.el4.ia64.rpm
File outdated by:  RHBA-2006:0133
    MD5: c26accad6a53da3e70df6477b8b01b16
 
x86_64:
gaim-1.3.1-0.el4.x86_64.rpm
File outdated by:  RHBA-2006:0133
    MD5: b1ca26e267afa4bc370c1c6bceb895f6
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

159691 - CAN-2005-1269 Gaim yahoo utf8 crasher
159961 - CAN-2005-1934 Gaim MSN protocol DoS


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/