New gaim packages fix denial of service

Date July 30, 2005

Debian Security Advisory DSA 769-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 29th, 2005 http://www.debian.org/security/faq

Package : gaim
Vulnerability : memory alignment bug
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-2370

Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment
error in libgadu (from ekg, console Gadu Gadu client, an instant
messaging program) which is included in gaim, a multi-protocol instant
messaging client, as well. This can not be exploited on the x86
architecture but on others, e.g. on Sparc and lead to a bus error,
in other words a denial of service.

The old stable distribution (woody) does not seem to be affected by
this problem.

For the stable distribution (sarge) this problem has been fixed in
version 1.2.1-1.4.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your gaim package.

Upgrade Instructions
- ——————–

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Category Posted in Exploits and Bugs

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>