Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1610-1] New gaim packages fix execution of arbitrary co

From Steve Kemp@1:229/2 to All on Tue Jul 15 20:00:24 2008

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1610-1 [email protected] http://www.debian.org/security/ Steve Kemp
July 15, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : gaim
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-2927

It was discovered that gaim, an multi-protocol instant messaging client,
was vulnerable to several integer overflows in its MSN protocol handlers.
These could allow a remote attacker to execute arbitrary code.

For the stable distribution (etch), this problem has been fixed in version 1:2.0.0+beta5-10etch1.

For the unstable distribution (sid), this package is not present.

We recommend that you upgrade your gaim package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1.dsc
Size/MD5 checksum: 1143 7c07047f910aa37b5d3237d2b9c2f746
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5.orig.tar.gz
Size/MD5 checksum: 9031658 b95158280b54f7c6e61c975ac6a1b2c5
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1.diff.gz
Size/MD5 checksum: 40297 4481186566917128436fec7894a0849e

Architecture independent packages:

http://security.debian.org/pool/updates/main/g/gaim/gaim-data_2.0.0+beta5-10etch1_all.deb
Size/MD5 checksum: 5155634 a771c9d07df618edbea2009b81a780eb

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_alpha.deb
Size/MD5 checksum: 3941786 5ae6eb63afa93956d351b436c4dedce1
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_alpha.deb
Size/MD5 checksum: 151048 d2963922763948e431374e6035fce786
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_alpha.deb
Size/MD5 checksum: 1946668 a581acaee78397951203bb9ba75b92a5

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_amd64.deb
Size/MD5 checksum: 151308 e02d048bb0b276819259b9eafb2da5c1
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_amd64.deb
Size/MD5 checksum: 3981722 f8dea9c85a995285842b9658b7f22e40
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_amd64.deb
Size/MD5 checksum: 1783578 68aa76888cdef8f740f45f50661234b1

arm architecture (ARM)

http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_arm.deb
Size/MD5 checksum: 3755878 f5fab49dc1d45ea2a6b5c57a52402cf9
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_arm.deb
Size/MD5 checksum: 151974 65cb42b3add06b9e623d14199c4f1955
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_arm.deb
Size/MD5 checksum: 1562534 cbde10538a351b4f7730a76c3d0d24d7

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_hppa.deb
Size/MD5 checksum: 3885888 c6ecba97d3da131f507be4bb829f30d0
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_hppa.deb
Size/MD5 checksum: 151626 bd76b163486f8a778bea8a3cae124d66
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_hppa.deb
Size/MD5 checksum: 1982362 4c523a86d49a58204ef226d8b003adea

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_i386.deb
Size/MD5 checksum: 1680010 33ada7f2c9454fe220feac62252ddb6f
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_i386.deb
Size/MD5 checksum: 3753710 6a1c030a5bd9ed092d108d54b99e64ca
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_i386.deb
Size/MD5 checksum: 151968 4132986afae49a8640f5e4a2c793da30

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_ia64.deb
Size/MD5 checksum: 2446022 006e57d747b574fe007531dea875b1e7
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_ia64.deb
Size/MD5 checksum: 149394 3374fa4ef91014f880840b35d38d31c5
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_ia64.deb
Size/MD5 checksum: 3734170 690c1bb55de9f185016eff981c4808b9

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_mips.deb
Size/MD5 checksum: 150720 311032a9ac626069ccc86f84f57e2590
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_mips.deb
Size/MD5 checksum: 4038460 e64238f554102f276d1318ec1306a576
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_mips.deb
Size/MD5 checksum: 1477582 b8161f8051c1ef3bfcabae5fda5a8e86

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_powerpc.deb
Size/MD5 checksum: 1736680 1fd924e136faa010fc72bdd5380bae7b
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_powerpc.deb
Size/MD5 checksum: 149416 c39f12e2db475a607635cadef7cf2d0d
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_powerpc.deb
Size/MD5 checksum: 3962580 5f96851de05f64a1004f259163c78a62

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_s390.deb
Size/MD5 checksum: 3887734 8a70aab0641f3133d09e92236209d599

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	152:38:18
Calls:	12,091
Calls today:	4
Files:	15,000
Messages:	6,517,648

[SECURITY] [DSA 1610-1] New gaim packages fix execution of arbitrary co

Who's Online

Recent Visitors

System Info