|Category:||Mandrake Local Security Checks|
|Title:||Mandrake Security Advisory MDKSA-2005:071 (gaim)|
|Summary:||Mandrake Security Advisory MDKSA-2005:071 (gaim)|
The remote host is missing an update to gaim
announced via advisory MDKSA-2005:071.
More vulnerabilities have been discovered in the gaim instant messaging
A buffer overflow vulnerability was found in the way that gaim escapes
HTML, allowing a remote attacker to send a specially crafted message
to a gaim client and cause it to crash (CVE-2005-0965).
A bug was discovered in several of gaim's IRC processing functions
that fail to properly remove various markup tags within an IRC message.
This could allow a remote attacker to send a specially crafted message to
a gaim client connected to an IRC server, causing it to crash
Finally, a problem was found in gaim's Jabber message parser that would
allow a remote Jabber user to send a specially crafted message to a
gaim client, causing it to crash (CVE-2005-0967).
Gaim version 1.2.1 is not vulnerable to these issues and is provided
with this update.
Affected versions: 10.1, Corporate 3.0
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-2005-0965
Bugtraq: 20050401 multiple remote denial of service vulnerabilities in Gaim
SuSE Security Announcement: SUSE-SA:2005:036
BugTraq ID: 12999
Common Vulnerability Exposure (CVE) ID: CVE-2005-0966
BugTraq ID: 13003
XForce ISS Database: gaim-irc-plugin-bo(19937)
XForce ISS Database: gaim-ircmsginvite-dos(19939)
Common Vulnerability Exposure (CVE) ID: CVE-2005-0967
BugTraq ID: 13004
|Copyright||Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com|