USN-781-2: Gaim vulnerabilities
===========================================================
Ubuntu Security Notice USN-781-2 June 03, 2009
gaim vulnerabilities
CVE-2009-1373, CVE-2009-1376 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS:
gaim 1:1.5.0+1.5.1cvs20051015-1ubuntu10.2
After a standard system upgrade you need to restart Gaim to effect the necessary changes.
Details follow:
It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373)
It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376)
Recent comments
9 weeks 4 days ago
9 weeks 4 days ago
10 weeks 4 days ago
11 weeks 11 hours ago
11 weeks 5 days ago
11 weeks 5 days ago
11 weeks 6 days ago
13 weeks 3 days ago
25 weeks 5 days ago
29 weeks 6 days ago