Gaim: Denial of Service issues
1.
Gentoo Linux Security Advisory
Version Information
| Advisory Reference |
GLSA 200504-05 / Gaim |
| Release Date |
April 06, 2005 |
| Latest Revision |
April 06, 2005: 03 |
| Impact |
low |
| Exploitable |
remote |
| Package |
Vulnerable versions |
Unaffected versions |
Architecture(s) |
| net-im/gaim |
<
1.2.1 |
>=
1.2.1 |
All supported architectures
|
Related bugreports:
#87903
Synopsis
Gaim contains multiple vulnerabilities that can lead to a Denial of
Service.
2.
Impact Information
Background
Gaim is a full featured instant messaging client which handles a
variety of instant messaging protocols.
Description
Multiple vulnerabilities have been addressed in the latest release of
Gaim:
- A buffer overread in the gaim_markup_strip_html() function,
which is used when logging conversations (CAN-2005-0965).
- Markup tags are improperly escaped using Gaim's IRC plugin
(CAN-2005-0966).
- Sending a specially crafted file transfer request to a Gaim Jabber
user can trigger a crash (CAN-2005-0967).
Impact
An attacker could possibly cause a Denial of Service by exploiting any
of these vulnerabilities.
3.
Resolution Information
Workaround
There is no known workaround at this time.
Resolution
All Gaim users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gaim-1.2.1"
|
4.
References
|
