Slackware Linux Advisory: gaim

[slackware-security] GAIM security update (SSA:2004-026-01)

GAIM is a GTK2-based Instant Messaging (IM) client.

New GAIM packages are available for Slackware 9.0, 9.1, and -current. 12 vulnerabilities were found in the instant messenger GAIM that allow remote compromise. All sites using GAIM should upgrade to these new packages. These are based on GAIM 0.75 with patches for all 12 security issues. Thanks to Stefan Esser of e-matters GmbH for finding and reporting these bugs.

For more details, see the e-matters GmbH advisory here:
http://security.e-matters.de/advisories/012004.html

Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Mon Jan 26 15:27:17 PST 2004
patches/packages/gaim-0.75-i486-1.tgz: Upgraded to gaim-0.75 and patched 12 overflows that can allow remote compromise. All GAIM users should upgrade.
(* Security fix *)
+--------------------------+

WHERE TO FIND THE NEW PACKAGE:

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gaim-0.75-i386-1.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gaim-0.75-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gaim-0.75-i486-1.tgz

MD5 SIGNATURES:

Slackware 9.0 package:
452ccd82a9ee640912575a8fdcea86a1 gaim-0.75-i386-1.tgz

Slackware 9.1 package:
b66997156d55a0f9561e80e604b25630 gaim-0.75-i486-1.tgz

Slackware -current package:
259f1731e2278b2c68a54d215ec55dfb gaim-0.75-i486-1.tgz

INSTALLATION INSTRUCTIONS:

Upgrade the GAIM package with upgradepkg:

# upgradepkg gaim-0.75-i486-1.tgz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com