-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2005.0347 -- Debian Security Advisory DSA 716-1
New gaim packages fix denial of service
28 April 2005
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           gaim
Publisher:         Debian
Operating System:  Debian GNU/Linux 3.0
                   Linux variants
Impact:            Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-0472

Original Bulletin: http://www.debian.org/security/2005/dsa-716

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 716-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 27th, 2005                        http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : gaim
Vulnerability  : denial of service
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-0472

It has been discovered that certain malformed SNAC packets sent by
other AIM or ICQ users can trigger an infinite loop in Gaim, a
multi-protocol instant messaging client, and hence lead to a denial of
service of the client.

Two more denial of service conditions have been discovered in newer
versions of Gaim which are fixed in the package in sid but are not
present in the package in woody.

For the stable distribution (woody) this problem has been fixed in
version 0.58-2.5.

For the unstable distribution (sid) these problems have been fixed in
version 1.1.3-1.

We recommend that you upgrade your gaim packages.

Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- - --------------------------------

These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCb1MxW5ql+IAeqTIRAuyDAKCLgLcvQQL/yHUrPyfnN4NA+l1xigCfRGK7
sXTZIJCQn4+aJhY27nCPr7Y=
=muNJ
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQnA7hyh9+71yA2DNAQJ5igP/YrlnuX+Rtn6wRS1cPgkwqY+nK78rBauM
uvIIHd2rovB93XqXKo4f8XoFfh9vW0na8ugdlG2yQlLYrrz4Ydnx+fdh9vq/001E
l5NelCtOlq1TIbM7j2kPGRMSjyBk7C3Hb12hbLpSnGh7ZWoSsKJcjIU0jJN6i3TA
YmxnxFu/uSg=
=3SV5
-----END PGP SIGNATURE-----