Slackware 1133 Published by

New gaim packages are available for Slackware 9.1, 10.0 and -current to fix several security issues. Sites that use GAIM should upgrade to the new version.



Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Thu Aug 26 17:14:09 PDT 2004
patches/packages/gaim-0.82-i486-1.tgz:
Upgraded to gaim-0.82 and gaim-encryption-2.29.
Fixes several security issues:
Content-length DOS (malloc error) (no CAN ID on this one)
MSN strncpy buffer overflow (CAN-2004-0500)
Groupware message receive integer overflow (CAN-2004-0754)
Smiley theme installation lack of escaping (CAN-2004-0784)
RTF message buffer overflow, Local hostname resolution buffer overflow,
URL decode buffer overflow (these 3 are CAN-2004-0785)
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gaim-0.82-i486-1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-0.82-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gaim-0.82-i486-1.tgz


MD5 signatures:
+-------------+

Slackware 9.1 package:
2034d5d16ab7ea82d03f52df7b1e31c5 gaim-0.82-i486-1.tgz

Slackware 10.0 package:
1b779612c3a82f173a297e5c13dbd239 gaim-0.82-i486-1.tgz

Slackware -current package:
196d30002d2175e6eb0f90f2a9fc62d8 gaim-0.82-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gaim-0.82-i486-1.tgz