gaim security update

2005-08-10T04:28:39
ID CESA-2005:589-01
Type centos
Reporter CentOS Project
Modified 2005-08-10T04:28:39

Description

CentOS Errata and Security Advisory CESA-2005:589-01

Gaim is an Internet Instant Messaging client.

A heap based buffer overflow issue was discovered in the way Gaim processes away messages. A remote attacker could send a specially crafted away message to a Gaim user logged into AIM or ICQ which could result in arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2103 to this issue.

Users of gaim are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2005-August/024068.html

Affected packages: gaim

Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html