LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-26-2004, 10:39 PM   #1
Joey.Dale
Member
 
Registered: Jun 2003
Location: Tampa, Fl
Distribution: Gentoo, Slackware
Posts: 828

Rep: Reputation: 30
Warn: Gaim


----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] GAIM security update (SSA:2004-026-01)

GAIM is a GTK2-based Instant Messaging (IM) client.

New GAIM packages are available for Slackware 9.0, 9.1, and -current.
12 vulnerabilities were found in the instant messenger GAIM that
allow remote compromise. All sites using GAIM should upgrade to these
new packages. These are based on GAIM 0.75 with patches for all 12
security issues. Thanks to Stefan Esser of e-matters GmbH for
finding and reporting these bugs.

For more details, see the e-matters GmbH advisory here:
http://security.e-matters.de/advisories/012004.html


Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Mon Jan 26 15:27:17 PST 2004
patches/packages/gaim-0.75-i486-1.tgz: Upgraded to gaim-0.75 and patched
12 overflows that can allow remote compromise. All GAIM users should
upgrade.
(* Security fix *)
+--------------------------+


WHERE TO FIND THE NEW PACKAGE:
+-----------------------------+

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackwar....75-i386-1.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackwar....75-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackwar....75-i486-1.tgz


MD5 SIGNATURES:
+-------------+

Slackware 9.0 package:
452ccd82a9ee640912575a8fdcea86a1 gaim-0.75-i386-1.tgz

Slackware 9.1 package:
b66997156d55a0f9561e80e604b25630 gaim-0.75-i486-1.tgz

Slackware -current package:
259f1731e2278b2c68a54d215ec55dfb gaim-0.75-i486-1.tgz


INSTALLATION INSTRUCTIONS:
+------------------------+

Upgrade the GAIM package with upgradepkg:

# upgradepkg gaim-0.75-i486-1.tgz


+-----+
 
Old 01-26-2004, 11:40 PM   #2
slakmagik
Senior Member
 
Registered: Feb 2003
Distribution: Slackware
Posts: 4,113

Rep: Reputation: Disabled
Thanks for that. I've forgotten to check the security logs lately. I haven't use gaim in eons but was thinking about getting in touch with some folks again.

Tip if you don't have Gnome: this version of Gaim will bitch about not being able to find 'shared library libstartup-notification-1.so.0' which is in 'startup-notification-0.5-i486-2' in /gnome (for 9.1). Dunno why it was compiled to need it when 0.68 didn't - and I really don't need a frigging spinning cursor or whatever it's supposed to do. But still worth it if this one's fixed. 12 holes? WTH?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
WARN: rsync Joey.Dale Linux - Security 1 10-13-2004 12:10 AM
WARN: sox Joey.Dale Linux - Security 1 08-11-2004 07:02 AM
WARN: libpng Joey.Dale Linux - Security 0 08-10-2004 06:59 AM
Warn: Xfree86 Joey.Dale Linux - Security 2 02-14-2004 03:34 AM
Warn: mutt Joey.Dale Linux - Security 0 02-12-2004 09:46 PM


All times are GMT -5. The time now is 11:50 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration