aru
Posted January 27, 2004

MandrakeSoft Security Advisory MDKSA-2004:006 : gaim
January 26th, 2004

Updated gaim packages fix multiple vulnerabilities

A number of vulnerabilities were discovered in the gaim instant messenger program by Steffan Esser, versions 0.75 and earlier. Thanks to Jacques A. Vidrine for providing initial patches.

Multiple buffer overflows exist in gaim 0.75 and earlier: When parsing cookies in a Yahoo web connection; YMSG protocol overflows parsing the Yahoo login webpage; a YMSG packet overflow; flaws in the URL parser; and flaws in the HTTP Proxy connect (CAN-2004-006).

A buffer overflow in gaim 0.74 and earlier in the Extract Info Field Function used for MSN and YMSG protocol handlers (CAN-2004-007).

An integer overflow in gaim 0.74 and earlier, when allocating memory for a directIM packet results in a heap overflow (CAN-2004-0008).

The released versions of Mandrake GNU/Linux affected are:

9.1
9.2
9.2/AMD64

Full information about this advisory, including the updated packages, is available at:
www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:006

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0008

Posted automatically by aru (mdksec2mub v0.0.8)
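The advisory's last item describes an integer overflow in an allocation size that leads to a heap overflow. The C sketch below is an added example, not gaim code and not part of the advisory; it shows that bug class next to a checked form. The packet layout (4-byte big-endian length followed by the payload), the function names and MAX_PAYLOAD are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound on one payload; not a value taken from gaim. */
#define MAX_PAYLOAD (1u << 20)

/* Unchecked pattern: wraps to 0 when the claimed length is UINT32_MAX,
 * so the buffer allocated from it is far smaller than the later copy. */
uint32_t unchecked_alloc_size(uint32_t claimed_len)
{
    return claimed_len + 1u; /* +1 for a trailing NUL */
}

/* Checked form: reject lengths above the cap or above what was actually
 * received, then compute the size in size_t. Returns 0 on success. */
int checked_alloc_size(uint32_t claimed_len, size_t avail, size_t *out)
{
    if (claimed_len > MAX_PAYLOAD || (size_t)claimed_len > avail)
        return -1;
    *out = (size_t)claimed_len + 1;
    return 0;
}

/* Parse [length][payload] and return a NUL-terminated copy, or NULL. */
char *read_payload(const unsigned char *buf, size_t buf_len)
{
    uint32_t claimed;
    size_t need;
    char *p;

    if (buf_len < 4)
        return NULL;
    claimed = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
              ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (checked_alloc_size(claimed, buf_len - 4, &need) != 0)
        return NULL;
    p = malloc(need);
    if (p == NULL)
        return NULL;
    memcpy(p, buf + 4, claimed);
    p[claimed] = '\0';
    return p;
}

int main(void)
{
    /* Constructed sample packet with an oversized length field. */
    const unsigned char bad[] = {0xff, 0xff, 0xff, 0xff, 'x'};
    printf("unchecked size: %u\n", (unsigned)unchecked_alloc_size(UINT32_MAX));
    printf("checked parse rejected: %d\n", read_payload(bad, sizeof bad) == NULL);
    return 0;
}
```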