Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


Search this Thread
Old 01-26-2004, 10:39 PM   #1
Registered: Jun 2003
Location: Tampa, Fl
Distribution: Gentoo, Slackware
Posts: 828

Rep: Reputation: 30
Warn: Gaim

Hash: SHA1

[slackware-security] GAIM security update (SSA:2004-026-01)

GAIM is a GTK2-based Instant Messaging (IM) client.

New GAIM packages are available for Slackware 9.0, 9.1, and -current.
12 vulnerabilities were found in the instant messenger GAIM that
allow remote compromise. All sites using GAIM should upgrade to these
new packages. These are based on GAIM 0.75 with patches for all 12
security issues. Thanks to Stefan Esser of e-matters GmbH for
finding and reporting these bugs.

For more details, see the e-matters GmbH advisory here:

Here are the details from the Slackware 9.1 ChangeLog:
Mon Jan 26 15:27:17 PST 2004
patches/packages/gaim-0.75-i486-1.tgz: Upgraded to gaim-0.75 and patched
12 overflows that can allow remote compromise. All GAIM users should
(* Security fix *)


Updated package for Slackware 9.0:

Updated package for Slackware 9.1:

Updated package for Slackware -current:


Slackware 9.0 package:
452ccd82a9ee640912575a8fdcea86a1 gaim-0.75-i386-1.tgz

Slackware 9.1 package:
b66997156d55a0f9561e80e604b25630 gaim-0.75-i486-1.tgz

Slackware -current package:
259f1731e2278b2c68a54d215ec55dfb gaim-0.75-i486-1.tgz


Upgrade the GAIM package with upgradepkg:

# upgradepkg gaim-0.75-i486-1.tgz

Old 01-26-2004, 11:40 PM   #2
Senior Member
Registered: Feb 2003
Distribution: Slackware
Posts: 4,113

Rep: Reputation: Disabled
Thanks for that. I've forgotten to check the security logs lately. I haven't use gaim in eons but was thinking about getting in touch with some folks again.

Tip if you don't have Gnome: this version of Gaim will bitch about not being able to find 'shared library' which is in 'startup-notification-0.5-i486-2' in /gnome (for 9.1). Dunno why it was compiled to need it when 0.68 didn't - and I really don't need a frigging spinning cursor or whatever it's supposed to do. But still worth it if this one's fixed. 12 holes? WTH?


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
WARN: rsync Joey.Dale Linux - Security 1 10-13-2004 12:10 AM
WARN: sox Joey.Dale Linux - Security 1 08-11-2004 07:02 AM
WARN: libpng Joey.Dale Linux - Security 0 08-10-2004 06:59 AM
Warn: Xfree86 Joey.Dale Linux - Security 2 02-14-2004 03:34 AM
Warn: mutt Joey.Dale Linux - Security 0 02-12-2004 09:46 PM

All times are GMT -5. The time now is 11:50 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration