USN-781-2: Gaim vulnerabilities
===========================================================
Ubuntu Security Notice USN-781-2 June 03, 2009
gaim vulnerabilities
CVE-2009-1373, CVE-2009-1376 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS:
gaim 1:1.5.0+1.5.1cvs20051015-1ubuntu10.2
After a standard system upgrade you need to restart Gaim to effect the necessary changes.
Details follow:
It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373)
It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376)
Recent comments
34 weeks 4 days ago
34 weeks 4 days ago
35 weeks 4 days ago
36 weeks 22 hours ago
36 weeks 5 days ago
36 weeks 5 days ago
37 weeks 2 hours ago
38 weeks 4 days ago
50 weeks 5 days ago
1 year 2 weeks ago