The Gaim application is a multi-protocol instant messaging client.
A stack based buffer overflow bug was found in the way gaim processes a
message containing a URL. A remote attacker could send a carefully crafted
message resulting in the execution of arbitrary code on a victim’s machine.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-1261 to this issue.
A bug in the way Gaim processes SNAC packets was discovered. It is possible
that a remote attacker could send a specially crafted SNAC packet to a Gaim
client, causing the client to stop responding. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0472
to this issue.
Users of Gaim are advised to upgrade to this updated package which contains
gaim version 0.59.9 with backported patches to correct these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 2 | i386 | gaim | < 0.59.9-4.el2 | gaim-0.59.9-4.el2.i386.rpm |
RedHat | 2 | ia64 | gaim | < 0.59.9-4.el2 | gaim-0.59.9-4.el2.ia64.rpm |