(RHSA-2005:627) gaim security update

2005-08-09T04:00:00
ID RHSA-2005:627
Type redhat
Reporter RedHat
Modified 2017-09-08T11:58:31

Description

Gaim is an Internet Messaging client.

A heap based buffer overflow issue was discovered in the way Gaim processes away messages. A remote attacker could send a specially crafted away message to a Gaim user logged into AIM or ICQ that could result in arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2103 to this issue.

Daniel Atallah discovered a denial of service issue in Gaim. A remote attacker could attempt to upload a file with a specially crafted name to a user logged into AIM or ICQ, causing Gaim to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2102 to this issue.

A denial of service bug was found in Gaim's Gadu Gadu protocol handler. A remote attacker could send a specially crafted message to a Gaim user logged into Gadu Gadu, causing Gaim to crash. Please note that this issue only affects PPC and IBM S/390 systems running Gaim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2370 to this issue.

Users of gaim are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.