New gaim packages are available for Slack/390 9.1 and -current to fix
several security issues. Sites that use GAIM should upgrade to the new
version.
Here are the details from the Slack/390 -current ChangeLog:
+--------------------------+
Fri Aug 27 16:03:02 EDT 2004
patches/packages/gaim-0.82.1-s390-1.tgz:
Upgraded to gaim-0.82.1 and gaim-encryption-2.30.
Fixes several security issues:
Content-length DOS (malloc error) (no CAN ID on this one)
MSN strncpy buffer overflow (CAN-2004-0500)
Groupware message receive integer overflow (CAN-2004-0754)
Smiley theme installation lack of escaping (CAN-2004-0784)
RTF message buffer overflow, Local hostname resolution buffer overflow,
URL decode buffer overflow (these 3 are CAN-2004-0785)
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated package for Slack/390 9.1:
ftp://ftp.ibiblio.org/pub/linux/distributions/slack390/slack390-9.1/patches/
packages/gaim-0.82.1-s390-1.tgz
Updated package for Slack/390 -current:
ftp://ftp.ibiblio.org/pub/linux/distributions/slack390/slack390-current/patc
hes/packages/gaim-0.82.1-s390-1.tgz
MD5 signatures:
+-------------+
Slack/390 9.1 package:
ae13e7ca5b11570367045cad5e147e7c gaim-0.82.1-s390-1.tgz
Slack/390 -current package:
5af4f19c994dc4cea4fab2258ed392a2 gaim-0.82.1-s390-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg gaim-0.82.1-s390-1.tgz
+-----+
Mark Post
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
