[matarosensefils] [Fwd: [SECURITY] [DSA 716-1] New gaim packages fix denial of service]
jordi
jordi a matarosensefils.net
dic abr 27 12:08:01 CEST 2005
Actualitzeu el gaim.
-------- Missatge reenviat --------
> De: Martin Schulze <joey a infodrom.org>
> Respon: debian-security a lists.debian.org
> Per a: Debian Security Announcements
> <debian-security-announce a lists.debian.org>
> Assumpte: [SECURITY] [DSA 716-1] New gaim packages fix denial of
> service
> Data: Wed, 27 Apr 2005 10:54:09 +0200 (CEST)
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 716-1 security a debian.org
> http://www.debian.org/security/ Martin Schulze
> April 27th, 2005 http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package : gaim
> Vulnerability : denial of service
> Problem-Type : remote
> Debian-specific: no
> CVE ID : CAN-2005-0472
>
> It has been discovered that certain malformed SNAC packets sent by
> other AIM or ICQ users can trigger an infinite loop in Gaim, a
> multi-protocol instant messaging client, and hence lead to a denial of
> service of the client.
>
> Two more denial of service conditions have been discovered in newer
> versions of Gaim which are fixed in the package in sid but are not
> present in the package in woody.
>
> For the stable distribution (woody) this problem has been fixed in
> version 0.58-2.5.
>
> For the unstable distribution (sid) these problems have been fixed in
> version 1.1.3-1.
>
> We recommend that you upgrade your gaim packages.
>
>
> Upgrade Instructions
> - --------------------
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.0 alias woody
> - --------------------------------
>
> Source archives:
>
> http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5.dsc
> Size/MD5 checksum: 681 e985a045131d5ad43c2192533d581d49
> http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5.diff.gz
> Size/MD5 checksum: 23078 688d4d51bd00e863c4c911f539708f0d
> http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58.orig.tar.gz
> Size/MD5 checksum: 1928057 644df289daeca5f9dd3983d65c8b2407
>
> Alpha architecture:
>
> http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_alpha.deb
> Size/MD5 checksum: 480588 297fed5e44fab4f49c3c103159ee3dc4
> http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_alpha.deb
> Size/MD5 checksum: 674918 1a59dbf94b98f25c18eaeee28aab5910
> http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_alpha.deb
> Size/MD5 checksum: 501450 bbe7cdac070bed0937596df34052c555
>
> ARM architecture:
>
> http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_arm.deb
> Size/MD5 checksum: 401938 1f9588d2015c20477f35f59de2e67190
> http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_arm.deb
> Size/MD5 checksum: 615258 6a1d88825004fb405881674236b5f34b
> http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_arm.deb
> Size/MD5 checksum: 422646 eab79e46b080475268510509635388b2
>
> Intel IA-32 architecture:
>
> http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_i386.deb
> Size/MD5 checksum: 389530 e4b3815727835a3ab112fb109a328021
> http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_i386.deb
> Size/MD5 checksum: 605678 619283e7b98add8bf725beb71a3de75b
> http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_i386.deb
> Size/MD5 checksum: 409274 c81aa5abd01455d0b082c6503e5abb32
>
> Intel IA-64 architecture:
>
> http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_ia64.deb
> Size/MD5 checksum: 557214 f57cd6a3c35d2d7042690e5584d3c49c
> http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_ia64.deb
> Size/MD5 checksum: 765410 33b7051caea6919c87519bc9c570ef69
> http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_ia64.deb
> Size/MD5 checksum: 570064 2a9d5dbdd9b1bc7470d3a7a12cf3b453
>
> HP Precision architecture:
>
> http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_hppa.deb
> Size/MD5 checksum: 459698 74a1621f52f73e436aeffc82e1c528a5
> http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_hppa.deb
> Size/MD5 checksum: 691344 06a88c54e725114cb0818b50dce65fd5
> http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_hppa.deb
> Size/MD5 checksum: 481568 5aaf2370d855711ae2d2916c13831f0b
>
> Motorola 680x0 architecture:
>
> http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_m68k.deb
> Size/MD5 checksum: 370690 627841728dabb3c6e83e60c8001a0ac4
> http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_m68k.deb
> Size/MD5 checksum: 622818 e4205658f157914fc5cea27c7248a71d
> http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_m68k.deb
> Size/MD5 checksum: 392316 8ee4f81a43e8b9ae123adadba2eed04c
>
> Big endian MIPS architecture:
>
> http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_mips.deb
> Size/MD5 checksum: 406618 354027157ccc8439f28f3d05198cce12
> http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_mips.deb
> Size/MD5 checksum: 615058 36c64cdcac52153d504eb7e246560510
> http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_mips.deb
> Size/MD5 checksum: 427314 7f59f09c347ed39a12fad8408c40fab3
>
> Little endian MIPS architecture:
>
> http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_mipsel.deb
> Size/MD5 checksum: 397210 f690bab2d77b7f5bc5c207ab8799a7ae
> http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_mipsel.deb
> Size/MD5 checksum: 607548 a62777c3ba8590660821edb1f46947ee
> http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_mipsel.deb
> Size/MD5 checksum: 416922 31b725e25888062257b1d9a212450a0e
>
> PowerPC architecture:
>
> http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_powerpc.deb
> Size/MD5 checksum: 413722 b499efefdd53e1e1f99c82fe4345d740
> http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_powerpc.deb
> Size/MD5 checksum: 643070 e6a50e343c77e80e72c26570e4086452
> http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_powerpc.deb
> Size/MD5 checksum: 434530 be29354736f00ed85d5aa36d0bb86330
>
> IBM S/390 architecture:
>
> http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_s390.deb
> Size/MD5 checksum: 399718 1328ff0fecf64d0a8db50bcbf6a4307d
> http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_s390.deb
> Size/MD5 checksum: 644284 c668b1de2ad8c707c5f8ad2de456bf9c
> http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_s390.deb
> Size/MD5 checksum: 422222 14e4654f7df7c22fb6e8240908c7836c
>
> Sun Sparc architecture:
>
> http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_sparc.deb
> Size/MD5 checksum: 409866 7d8a00f61567dea550246ba36ee8f350
> http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_sparc.deb
> Size/MD5 checksum: 654072 aca9f7da61fa3f05e5394844fd1cc0ba
> http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_sparc.deb
> Size/MD5 checksum: 428798 d4eb82d10dfcaee16df40d3c4547e809
>
>
> These files will probably be moved into the stable distribution on
> its next update.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce a lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.0 (GNU/Linux)
>
> iD8DBQFCb1MxW5ql+IAeqTIRAuyDAKCLgLcvQQL/yHUrPyfnN4NA+l1xigCfRGK7
> sXTZIJCQn4+aJhY27nCPr7Y=
> =muNJ
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST a lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster a lists.debian.org
>
--
.''`. Usuari Jabber:
: :' : jordi a xerrameca.mataro.sensefils
`. `'` ataro a 12jabber.com
`-
Debian - when you have better things to do than fixing a system
jordi a matarosensefils net
-------------- part següent --------------
( ( ( ( || ) ) ) )
||
||
Comunitat Sensefils de Mataró
www.ilurowireless.net - www.matarosensefils.net - www.matarowireless.net
Per donar-te de baixa de la llista escriu un correu a llista-request a matarosensefils.net amb unsubscribe en el títol o el cos del missatge
Adreça de la llista: http://lists.rinho.com/cgi-bin/mailman//listinfo/llista
Més informació sobre la llista de correu llista_matarosensefils.net