Package name
gaim
Date
2002-08-29
Advisory ID
MDKSA-2002:054
Affected versions
8.1 i586, CS1.0 i586, 8.1 i586, 8.0 i586, 8.2 i586, 8.0 i586, 8.2 i586, 7.1 i586, 7.2 i586

Problem description

Versions of Gaim (an AOL instant message client) prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the "manual" browser command passes an untrusted string to the shell without reliable quoting or escaping. This allows an attacker to execute arbitrary commands on the user's machine with the user's permissions. Those using the built-in browser commands are not vulnerable.
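The URL-handling flaw described above comes from letting a shell re-parse a command string that contains the URL. The following is an added example, not Gaim's code or its actual fix: it shows the hardened alternative of building an argument vector and calling `execvp` directly. The function names, the `MAX_ARGS` limit, the scheme allow-list and the requirement that `%s` be its own token are assumptions made for illustration.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_ARGS 16

/* Vulnerable pattern the advisory describes (shown for contrast, not compiled):
 *   snprintf(cmd, sizeof cmd, tmpl, url); system(cmd);
 * The shell re-parses cmd, so metacharacters in url become shell syntax. */

/* Accept only URLs with an expected scheme; this also rejects a leading '-'
 * that a browser could read as an option. The scheme list is an assumption. */
static int url_scheme_ok(const char *url) {
    static const char *ok[] = { "http://", "https://", "ftp://" };
    for (size_t i = 0; i < sizeof ok / sizeof ok[0]; i++)
        if (strncmp(url, ok[i], strlen(ok[i])) == 0) return 1;
    return 0;
}

/* Split the user's command template (e.g. "mozilla %s") on whitespace and put
 * the URL in place of the "%s" token as ONE argv element. tmpl_buf is modified.
 * Returns argc, or -1 if the URL is rejected or the template is unusable. */
int build_browser_argv(char *tmpl_buf, const char *url, char *argv[MAX_ARGS]) {
    int argc = 0, placed = 0;
    if (!url_scheme_ok(url)) return -1;
    for (char *t = strtok(tmpl_buf, " \t"); t; t = strtok(NULL, " \t")) {
        if (argc >= MAX_ARGS - 1) return -1;       /* keep room for NULL */
        if (strcmp(t, "%s") == 0) {
            if (argc == 0) return -1;              /* URL must not be argv[0] */
            argv[argc++] = (char *)url;            /* copied verbatim, unparsed */
            placed = 1;
        } else {
            argv[argc++] = t;
        }
    }
    argv[argc] = NULL;
    return placed ? argc : -1;
}

/* Run the browser with execvp: no shell ever parses the URL. */
int launch_browser(char *tmpl_buf, const char *url) {
    char *argv[MAX_ARGS];
    int status;
    if (build_browser_argv(tmpl_buf, url, argv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(argv[0], argv); _exit(127); }
    return waitpid(pid, &status, 0) < 0 ? -1 : status;
}
```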

Updated packages

8.1 i586

 5c1d08e501dc2f889bf7ddcd27b551d2  ia64/8.1/RPMS/gaim-0.59.1-1.1mdk.ia64.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  ia64/8.1/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

CS1.0 i586

 cc3f1b72c0b0a046c2d6e271ac4ef9a8  1.0.1/RPMS/gaim-0.59.1-1.1mdk.i586.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  1.0.1/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

8.1 i586

 095f6c8aadaf06732dc8398e8217fb3c  8.1/RPMS/gaim-0.59.1-1.1mdk.i586.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  8.1/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

8.0 i586

 095f6c8aadaf06732dc8398e8217fb3c  8.0/RPMS/gaim-0.59.1-1.1mdk.i586.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  8.0/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

8.2 i586

 b18399b33a517de8af524c326e9b539b  8.2/RPMS/gaim-0.59.1-1.1mdk.i586.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  8.2/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

8.0 i586

 d078adbe132c822880c1e50043ba7edd  ppc/8.0/RPMS/gaim-0.59.1-1.1mdk.ppc.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  ppc/8.0/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

8.2 i586

 0110ef0414286614261da0aa9749751f  ppc/8.2/RPMS/gaim-0.59.1-1.1mdk.ppc.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  ppc/8.2/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

7.1 i586

 cc3f1b72c0b0a046c2d6e271ac4ef9a8  7.1/RPMS/gaim-0.59.1-1.1mdk.i586.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  7.1/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

7.2 i586

 9fcfb20bdd27480122c97acd5b1db53a  7.2/RPMS/gaim-0.59.1-1.1mdk.i586.rpm
d72cf5a2ccfa4d130b036aeac5fd88f4  7.2/SRPMS/gaim-0.59.1-1.1mdk.src.rpm

References