Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gaim: Denial of Service issues — GLSA 200504-05

Gaim contains multiple vulnerabilities that can lead to a Denial of Service.

Affected packages

Package net-im/gaim on all architectures
Affected versions < 1.2.1
Unaffected versions >= 1.2.1

Background

Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols.

Description

Multiple vulnerabilities have been addressed in the latest release of Gaim:

  • A buffer overread in the gaim_markup_strip_html() function, which is used when logging conversations (CAN-2005-0965).
  • Markup tags are improperly escaped using Gaim's IRC plugin (CAN-2005-0966).
  • Sending a specially crafted file transfer request to a Gaim Jabber user can trigger a crash (CAN-2005-0967).

Impact

An attacker could possibly cause a Denial of Service by exploiting any of these vulnerabilities.

Workaround

There is no known workaround at this time.

Resolution

All Gaim users should upgrade to the latest version: 

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-im/gaim-1.2.1"

References

Release date
April 06, 2005

Latest revision
April 06, 2005: 03

Severity
low

Exploitable
remote

Bugzilla entries