Description:
The remote host is missing updates announced in advisory CLSA-2005:1006.
This announcement fixes many vulnerabilities that were encountered in Gaim. These vulnerabilities are:
CVE-2005-1269 Gaim allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name.
CVE-2005-1934 Gaim allows remote attackers to cause a denial of service (application crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error.
CVE-2005-2370 Multiple 'memory alignment errors' in libgadu allow remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.
CVE-2005-2102 The AIM/ICQ module in Gaim allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters.
CVE-2005-2103 Buffer overflow in the AIM and ICQ module in Gaim allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
For further information on Gaim's vulnerabilities, please refer to the project's security page.
Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001006
http://gaim.sourceforge.net/
http://gaim.sourceforge.net/security/
Risk factor: High
CVSS Score: 7.5