New gaim packages are available for Slack/390 9.1 and -current to fix
several security issues.  Sites that use GAIM should upgrade to the new
version.

Here are the details from the Slack/390 -current ChangeLog:
+--------------------------+
Fri Aug 27 16:03:02 EDT 2004
patches/packages/gaim-0.82.1-s390-1.tgz:
  Upgraded to gaim-0.82.1 and gaim-encryption-2.30.
  Fixes several security issues:
     Content-length DOS (malloc error) (no CAN ID on this one)
     MSN strncpy buffer overflow (CAN-2004-0500)
     Groupware message receive integer overflow (CAN-2004-0754)
     Smiley theme installation lack of escaping (CAN-2004-0784)
     RTF message buffer overflow, Local hostname resolution buffer overflow,
       URL decode buffer overflow (these 3 are CAN-2004-0785)
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0500
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slack/390 9.1:
ftp://ftp.ibiblio.org/pub/linux/distributions/slack390/slack390-9.1/patches/
packages/gaim-0.82.1-s390-1.tgz

Updated package for Slack/390 -current:
ftp://ftp.ibiblio.org/pub/linux/distributions/slack390/slack390-current/patc
hes/packages/gaim-0.82.1-s390-1.tgz


MD5 signatures:
+-------------+

Slack/390 9.1 package:
ae13e7ca5b11570367045cad5e147e7c  gaim-0.82.1-s390-1.tgz

Slack/390 -current package:
5af4f19c994dc4cea4fab2258ed392a2  gaim-0.82.1-s390-1.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gaim-0.82.1-s390-1.tgz


+-----+

Mark Post

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

Reply via email to