CentOS Errata and Security Advisory CESA-2005:589-01
Gaim is an Internet Instant Messaging client.
A heap-based buffer overflow was discovered in the way Gaim processes away messages. A remote attacker could send a specially crafted away message to a Gaim user logged into AIM or ICQ, which could result in arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2103 to this issue.
Users of gaim are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to this issue.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2005-August/024068.html
Affected packages: gaim
Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html