New gaim packages are available for Slackware 9.1, 10.0 and -current to fix several security issues. Sites that use GAIM should upgrade to the new version.
Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Thu Aug 26 17:14:09 PDT 2004
patches/packages/gaim-0.82-i486-1.tgz:
Upgraded to gaim-0.82 and gaim-encryption-2.29.
Fixes several security issues:
Content-length DOS (malloc error) (no CAN ID on this one)
MSN strncpy buffer overflow (CAN-2004-0500)
Groupware message receive integer overflow (CAN-2004-0754)
Smiley theme installation lack of escaping (CAN-2004-0784)
RTF message buffer overflow, Local hostname resolution buffer overflow,
URL decode buffer overflow (these 3 are CAN-2004-0785)
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gaim-0.82-i486-1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-0.82-i486-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gaim-0.82-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 9.1 package:
2034d5d16ab7ea82d03f52df7b1e31c5 gaim-0.82-i486-1.tgz
Slackware 10.0 package:
1b779612c3a82f173a297e5c13dbd239 gaim-0.82-i486-1.tgz
Slackware -current package:
196d30002d2175e6eb0f90f2a9fc62d8 gaim-0.82-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg gaim-0.82-i486-1.tgz
Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Thu Aug 26 17:14:09 PDT 2004
patches/packages/gaim-0.82-i486-1.tgz:
Upgraded to gaim-0.82 and gaim-encryption-2.29.
Fixes several security issues:
Content-length DOS (malloc error) (no CAN ID on this one)
MSN strncpy buffer overflow (CAN-2004-0500)
Groupware message receive integer overflow (CAN-2004-0754)
Smiley theme installation lack of escaping (CAN-2004-0784)
RTF message buffer overflow, Local hostname resolution buffer overflow,
URL decode buffer overflow (these 3 are CAN-2004-0785)
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gaim-0.82-i486-1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-0.82-i486-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gaim-0.82-i486-1.tgz
MD5 signatures:
+-------------+
Slackware 9.1 package:
2034d5d16ab7ea82d03f52df7b1e31c5 gaim-0.82-i486-1.tgz
Slackware 10.0 package:
1b779612c3a82f173a297e5c13dbd239 gaim-0.82-i486-1.tgz
Slackware -current package:
196d30002d2175e6eb0f90f2a9fc62d8 gaim-0.82-i486-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg gaim-0.82-i486-1.tgz
