package gaim
tags 350071 +patch
tags 323706 +patch
thanks
--- Begin Message ---
Hi Security Team,

There is a planned release of gaim 1.5.0 this Thursday. It will fix
three security issues:

1. CAN-2005-2370
The gadu-gadu protocol plugin.  There was a memory alignment bug that
apparently can not be exploited on x86. You can grab a patch for Gaim from:
http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/protocols/gg/libgg.c?r1=1.21.2.1&r2=1.21.2.2
This has already been publicized in libgadu, but gaim is not dynamically
linking against the library so it still has to be updated manually.

2. CAN-2005-2102 gaim UTF8 filename crash
There is an oscar remotely exploitable crash bug.  A remote AIM or ICQ user
would need to compile their own client and send a specially crafted IM
(basically an IM containing lots of %s, and flag it as an away message).  It
results in a buffer overflow.  A fix for this has not yet been committed to
CVS, and the issue should be fairly unknown.  A patch for this is
attached. Hopefully it will apply against gaim 1.2.1 with minimal
modifications.

3. CAN-2005-2103 gaim away message buffer overflow
Daniel Atallah fixed a crash in oscar dealing with invalid file names.  It
is remotely exploitable by anyone sending you a file with a non-utf8
filename.  It sometimes causes a crash in pango.  It might be depending on
the version of gtk you're using.  And seems to crash Linux machines less
than Windows machines (if ever).  This has not yet been fixed in CVS, but it
IS in the wild and you can get a client from http://www.sevenz.net/ to
exploit it.  A patch is attached. Again, hopefully it will apply against
gaim 1.2.1.


Ari Pollak

Attachment: oscar_malformed_filename_crash_fix.patch
Description: Binary data

Attachment: gaim_oldstatus_aim_away_message_substitution_buffer_overflow_fix.diff
Description: Binary data

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---
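A defensive counterpart to the non-UTF-8 filename crash described in the message above, added here as an example and not code from the attached gaim patches: a client-side check that validates a received filename as UTF-8 and replaces every byte that is not part of a well-formed sequence before the name reaches the GUI toolkit (pango). The function names are hypothetical and the test strings are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Length of the well-formed UTF-8 sequence starting at s (n bytes left), or 0
 * if those bytes are not a valid encoding (truncated, overlong, surrogate, >U+10FFFF). */
static size_t utf8_seq_len(const unsigned char *s, size_t n)
{
    unsigned char c = s[0];
    size_t len, i;
    unsigned int cp;
    if (c < 0x80) return 1;
    else if ((c & 0xE0) == 0xC0) { len = 2; cp = c & 0x1F; }
    else if ((c & 0xF0) == 0xE0) { len = 3; cp = c & 0x0F; }
    else if ((c & 0xF8) == 0xF0) { len = 4; cp = c & 0x07; }
    else return 0;                         /* stray continuation byte or 0xF8..0xFF */
    if (n < len) return 0;                 /* sequence truncated at end of string */
    for (i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    if ((len == 2 && cp < 0x80) || (len == 3 && cp < 0x800) ||
        (len == 4 && cp < 0x10000)) return 0;   /* overlong encoding */
    if ((cp >= 0xD800 && cp <= 0xDFFF) || cp > 0x10FFFF) return 0; /* surrogates, out of range */
    return len;
}

/* Copy `in` into `out` (capacity outlen, always NUL-terminated), replacing each
 * invalid byte with '?'. Returns how many bytes were replaced, so the caller can
 * log a suspicious filename, or -1 if the sanitized name did not fit in `out`. */
int sanitize_filename_utf8(const char *in, char *out, size_t outlen)
{
    const unsigned char *s = (const unsigned char *)in;
    size_t n = strlen(in), i = 0, o = 0;
    int replaced = 0;
    if (outlen == 0) return -1;
    while (i < n) {
        size_t len = utf8_seq_len(s + i, n - i);
        if (len == 0) {                    /* bad byte: replace it, resync on the next one */
            if (o + 1 >= outlen) break;
            out[o++] = '?'; i++; replaced++;
        } else {
            if (o + len >= outlen) break;  /* never write past the caller's buffer */
            memcpy(out + o, s + i, len); o += len; i += len;
        }
    }
    out[o] = '\0';
    return i < n ? -1 : replaced;
}
```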