MDVSA-2009:140
- Package name: gaim
- Date: 2009-06-25
- Advisory ID: MDVSA-2009:140
- Affected versions: CS3.0 i586, CS3.0 x86_64
Problem description
Multiple security vulnerabilities have been identified and fixed
in gaim:
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin before
2.5.6 allows remote authenticated users to execute arbitrary code via
vectors involving an outbound XMPP file transfer. NOTE: some of these
details are obtained from third party information (CVE-2009-1373).
Multiple integer overflows in the msn_slplink_process_msg functions
in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c
and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.5.6
on 32-bit platforms allow remote attackers to execute arbitrary code
via a malformed SLP message with a crafted offset value, leading to
buffer overflows. NOTE: this issue exists because of an incomplete
fix for CVE-2008-2927 (CVE-2009-1376).
The updated packages have been patched to prevent this.
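The bug class behind CVE-2009-1376, as an added example that is not Pidgin's code and not part of the advisory: a bounds check that adds a message-supplied offset and length in 32-bit arithmetic, beside a form that cannot wrap. The struct, function names and sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reassembly buffer (assumption, not Pidgin's structure). */
struct reasm {
    uint8_t  buf[64];
    uint32_t size;   /* total bytes announced by the sender, <= sizeof buf */
};

/* Naive check: the sum is computed in 32 bits, the width of size_t on
 * i586, so a very large offset wraps it to a small value that passes. */
static int naive_in_bounds(const struct reasm *r, uint32_t offset, uint32_t len)
{
    return (uint32_t)(offset + len) <= r->size;
}

/* Hardened check: never adds the two untrusted values; each is compared
 * against what remains of the buffer. */
static int safe_in_bounds(const struct reasm *r, uint32_t offset, uint32_t len)
{
    if (r->size > sizeof r->buf || offset > r->size)
        return 0;
    return len <= r->size - offset;   /* cannot underflow: offset <= size */
}

/* Stores a chunk only when the hardened check accepts it; 0 on success. */
static int store_chunk(struct reasm *r, uint32_t offset,
                       const uint8_t *data, uint32_t len)
{
    if (!safe_in_bounds(r, offset, len))
        return -1;
    memcpy(r->buf + offset, data, len);
    return 0;
}

int main(void)
{
    struct reasm r = { {0}, 64 };
    uint8_t chunk[16];
    memset(chunk, 'A', sizeof chunk);            /* constructed sample data */
    uint32_t bad_offset = 0xFFFFFFF8u;           /* constructed: 8 below 2^32 */

    printf("naive accepts wrapped offset: %d\n", naive_in_bounds(&r, bad_offset, 16));
    printf("safe accepts wrapped offset:  %d\n", safe_in_bounds(&r, bad_offset, 16));
    printf("store at 48: %d, store at wrapped offset: %d\n",
           store_chunk(&r, 48, chunk, 16), store_chunk(&r, bad_offset, chunk, 16));
    return 0;
}
```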
Updated packages
CS3.0 i586
8197eff106ba6700263baebc375a3450 corporate/3.0/i586/gaim-1.5.0-0.3.C30mdk.i586.rpm
65d29506639d6ece5f6a5ee4ff412f26 corporate/3.0/i586/gaim-devel-1.5.0-0.3.C30mdk.i586.rpm
7df1a2e32c72e08c70fd6b97ae1cb5c4 corporate/3.0/i586/gaim-perl-1.5.0-0.3.C30mdk.i586.rpm
a93879b845766db687d96dbaa816c9d7 corporate/3.0/i586/gaim-tcl-1.5.0-0.3.C30mdk.i586.rpm
c55fa34819507c2a09c2be60f3b413a1 corporate/3.0/i586/libgaim-remote0-1.5.0-0.3.C30mdk.i586.rpm
55c036de54a3c77ecbac2de7b151e831 corporate/3.0/i586/libgaim-remote0-devel-1.5.0-0.3.C30mdk.i586.rpm
360236b5901d1baa2a152a298a5da711 corporate/3.0/SRPMS/gaim-1.5.0-0.3.C30mdk.src.rpm
CS3.0 x86_64
cb87618ff19356017bbcb64ca4a92911 corporate/3.0/x86_64/gaim-1.5.0-0.3.C30mdk.x86_64.rpm
e53605a18922d9a38d6d27a3a33019a9 corporate/3.0/x86_64/gaim-devel-1.5.0-0.3.C30mdk.x86_64.rpm
19a629ebdd66f13b005ed8d7cff149be corporate/3.0/x86_64/gaim-perl-1.5.0-0.3.C30mdk.x86_64.rpm
7f52e7d3264df5d0092e7444d6121767 corporate/3.0/x86_64/gaim-tcl-1.5.0-0.3.C30mdk.x86_64.rpm
c341e275dd265014746a79a1c522ed9b corporate/3.0/x86_64/lib64gaim-remote0-1.5.0-0.3.C30mdk.x86_64.rpm
decfc6bbe51682c5c513acdc28516c6a corporate/3.0/x86_64/lib64gaim-remote0-devel-1.5.0-0.3.C30mdk.x86_64.rpm
360236b5901d1baa2a152a298a5da711 corporate/3.0/SRPMS/gaim-1.5.0-0.3.C30mdk.src.rpm
