
Test ID: 1.3.6.1.4.1.25623.1.0.51855
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2005:933
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2005:933.

Gaim[1] is a multi-protocol instant messaging (IM) client.

This announcement fixes three denial of service vulnerabilities that
were encountered in Gaim.

The fixed vulnerabilities are:

CVE-2005-0472[2]: Gaim before 1.1.3 allows remote attackers to cause
a denial of service (infinite loop) via malformed SNAC packets from
AIM or ICQ.

CVE-2005-0473[3]: The HTML parsing functions in Gaim before 1.1.3
allow remote attackers to cause a denial of service (application
crash) via malformed HTML that causes an invalid memory access.

CVE-2005-0208[4]: The HTML parsing functions in Gaim before 1.1.4
allow remote attackers to cause a denial of service (application
crash) via malformed HTML that causes an invalid memory access. This
vulnerability is different from CVE-2005-0473.

For further information on Gaim's vulnerabilities, please refer to
the project's security page[5].


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://gaim.sourceforge.net/
http://gaim.sourceforge.net/security/
http://www.securityspace.com/smysecure/catid.html?in=CLA-2005:933
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000933

Risk factor : Medium

CVSS Score:
5.0

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-0472
12589
http://www.securityfocus.com/bid/12589
14322
http://secunia.com/advisories/14322
20050225 [USN-85-1] Gaim vulnerabilities
http://marc.info/?l=bugtraq&m=110935655500670&w=2
CLA-2005:933
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000933
DSA-716
http://www.debian.org/security/2005/dsa-716
FLSA:158543
http://www.securityfocus.com/archive/1/426078/100/0/threaded
GLSA-200503-03
http://www.gentoo.org/security/en/glsa/glsa-200503-03.xml
MDKSA-2005:049
http://www.mandriva.com/security/advisories?name=MDKSA-2005:049
RHSA-2005:215
http://www.redhat.com/support/errata/RHSA-2005-215.html
RHSA-2005:432
http://www.redhat.com/support/errata/RHSA-2005-432.html
SUSE-SA:2005:036
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
VU#839280
http://www.kb.cert.org/vuls/id/839280
gaim-snac-dos(19380)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19380
http://gaim.sourceforge.net/security/index.php?id=10
oval:org.mitre.oval:def:10433
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10433
Common Vulnerability Exposure (CVE) ID: CVE-2005-0473
VU#523888
http://www.kb.cert.org/vuls/id/523888
gaim-html-dos(19381)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19381
http://gaim.sourceforge.net/security/index.php?id=11
oval:org.mitre.oval:def:10212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10212
Common Vulnerability Exposure (CVE) ID: CVE-2005-0208
BugTraq ID: 12660
http://www.securityfocus.com/bid/12660
Bugtraq: 20050225 [USN-85-1] Gaim vulnerabilities (Google Search)
CERT/CC vulnerability note: VU#795812
http://www.kb.cert.org/vuls/id/795812
Conectiva Linux advisory: CLA-2005:933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10477
http://secunia.com/advisories/14386
SuSE Security Announcement: SUSE-SA:2005:036 (Google Search)
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.