Linux Today: Linux News On Internet Time.

More on LinuxToday

Slackware Linux Advisory: gaim

Jan 28, 2004, 20:59 (0 Talkback[s])

WEBINAR: On-demand Event

Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >

[slackware-security] GAIM security update (SSA:2004-026-01)

GAIM is a GTK2-based Instant Messaging (IM) client.

New GAIM packages are available for Slackware 9.0, 9.1, and -current. 12 vulnerabilities were found in the instant messenger GAIM that allow remote compromise. All sites using GAIM should upgrade to these new packages. These are based on GAIM 0.75 with patches for all 12 security issues. Thanks to Stefan Esser of e-matters GmbH for finding and reporting these bugs.

For more details, see the e-matters GmbH advisory here:

Here are the details from the Slackware 9.1 ChangeLog:
Mon Jan 26 15:27:17 PST 2004
patches/packages/gaim-0.75-i486-1.tgz: Upgraded to gaim-0.75 and patched 12 overflows that can allow remote compromise. All GAIM users should upgrade.
(* Security fix *)


Updated package for Slackware 9.0:

Updated package for Slackware 9.1:

Updated package for Slackware -current:


Slackware 9.0 package:
452ccd82a9ee640912575a8fdcea86a1 gaim-0.75-i386-1.tgz

Slackware 9.1 package:
b66997156d55a0f9561e80e604b25630 gaim-0.75-i486-1.tgz

Slackware -current package:
259f1731e2278b2c68a54d215ec55dfb gaim-0.75-i486-1.tgz


Upgrade the GAIM package with upgradepkg:

# upgradepkg gaim-0.75-i486-1.tgz


Slackware Linux Security Team