seeing is believing

Ubuntu Security Notice 781-2

Ubuntu Security Notice 781-2
Posted Jun 4, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-781-2 - It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2009-1373, CVE-2009-1376
MD5 | d74cb76df8b38e0209f284e5b01abe54

Ubuntu Security Notice 781-2

Change Mirror Download
===========================================================
Ubuntu Security Notice USN-781-2 June 03, 2009
gaim vulnerabilities
CVE-2009-1373, CVE-2009-1376
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
gaim 1:1.5.0+1.5.1cvs20051015-1ubuntu10.2

After a standard system upgrade you need to restart Gaim to effect
the necessary changes.

Details follow:

It was discovered that Gaim did not properly handle certain malformed
messages when sending a file using the XMPP protocol handler. If a user
were tricked into sending a file, a remote attacker could send a specially
crafted response and cause Gaim to crash, or possibly execute arbitrary
code with user privileges. (CVE-2009-1373)

It was discovered that Gaim did not properly handle certain malformed
messages in the MSN protocol handler. A remote attacker could send a
specially crafted message and possibly execute arbitrary code with user
privileges. (CVE-2009-1376)


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.2.diff.gz
Size/MD5: 35032 018074e6f3fe79b0334b616c41db8f16
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.2.dsc
Size/MD5: 1061 fedec169b55ed59a1d258f4261d3342e
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs20051015.orig.tar.gz
Size/MD5: 4299145 949ae755e9be1af68eef6c09c36a7530

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.5.0+1.5.1cvs20051015-1ubuntu10.2_all.deb
Size/MD5: 613400 851c17117f60a8bdd7a1a7945295bb95

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5.1cvs20051015-1ubuntu10.2_amd64.deb
Size/MD5: 103268 3e801c048c16f37927274e223006cf12
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.2_amd64.deb
Size/MD5: 954312 b221c7923480c8f561b19f25602fb42d

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5.1cvs20051015-1ubuntu10.2_i386.deb
Size/MD5: 103268 7c5d619c893be0613fc3e9e520180ac3
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.2_i386.deb
Size/MD5: 836516 36ab380abace72300ba4aa0da8af0423

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5.1cvs20051015-1ubuntu10.2_powerpc.deb
Size/MD5: 103266 f8d87f5da7ae492b3e5564c132afb4de
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.2_powerpc.deb
Size/MD5: 924684 227c223828b0edcc564397b37281636a

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.5.0+1.5.1cvs20051015-1ubuntu10.2_sparc.deb
Size/MD5: 103252 4e6a313eced48612d2f35ab69ebd85b1
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.5.0+1.5.1cvs20051015-1ubuntu10.2_sparc.deb
Size/MD5: 856864 9b00254efd713d0001bb7e11817e6bc3


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    22 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close