Package : gaim
Vulnerability : denial of service
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-1269 CAN-2005-1934
Two denial of service problems have been discovered in Gaim, a
multi-protocol instant messaging client. The Common Vulnerabilities
and Exposures project identifies the following problems:
CAN-2005-1269
A malformed Yahoo filename can result in a crash of the application.
CAN-2005-1934
A malformed MSN message can lead to incorrect memory allocation
resulting in a crash of the application.
The old stable distribution (woody) does not seem to be affected.
For the stable distribution (sarge) these problems have been fixed in
version 1.2.1-1.3.
For the unstable distribution (sid) these problems have been fixed in
version 1.3.1-1.
We recommend that you upgrade your gaim package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
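To confirm that the upgrade actually took, compare the installed gaim version against the fixed versions the advisory names (1.2.1-1.3 for sarge, 1.3.1-1 for sid). On a Debian host `dpkg --compare-versions` does this; the block below is an added example, not part of the advisory, that reimplements dpkg's version ordering in Python so the check can run anywhere, for instance over `dpkg-query -W` output collected from many machines. It assumes the advisory's version strings carry no epoch (so an epoch in the installed version is ignored), and the `dpkg-query` line it parses is constructed for the example.

```python
"""Check an installed Debian package version against an advisory's fixed version.

Implements dpkg's version comparison (epoch, upstream, revision; '~' sorts
before everything, letters before punctuation, digit runs compared numerically).
"""

# Fixed versions taken from the advisory text; woody is stated as not affected.
FIXED_VERSIONS = {"sarge": "1.2.1-1.3", "sid": "1.3.1-1"}
NOT_AFFECTED = {"woody"}


def _order(c):
    """Sort weight of one character in a non-digit run, as in dpkg."""
    if c == "" or c in "0123456789":
        return 0
    if c.isascii() and c.isalpha():
        return ord(c)
    if c == "~":
        return -1          # '~' sorts before anything, even the end of the string
    return ord(c) + 256    # other punctuation sorts after letters


def _verrevcmp(a, b):
    """Compare two version fragments; <0, 0, >0 like C's strcmp."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character by character using _order.
        while (i < len(a) and a[i] not in "0123456789") or (j < len(b) and b[j] not in "0123456789"):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros, then the longer run wins, else first difference.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i] in "0123456789" and j < len(b) and b[j] in "0123456789":
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in "0123456789":
            return 1
        if j < len(b) and b[j] in "0123456789":
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v):
    """Split '[epoch:]upstream[-revision]' into its three parts."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, _, revision = v.rpartition("-") if "-" in v else (v, "", "")
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b in dpkg ordering."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    for x, y in ((ua, ub), (ra, rb)):
        c = _verrevcmp(x, y)
        if c:
            return -1 if c < 0 else 1
    return 0


def advisory_status(suite, installed):
    """Classify an installed gaim version for the given Debian suite."""
    if suite in NOT_AFFECTED:
        return "not affected"
    fixed = FIXED_VERSIONS.get(suite)
    if fixed is None:
        return "unknown suite"
    # Assumption: the advisory omits the epoch, so drop it from the installed version too.
    if ":" not in fixed and ":" in installed:
        installed = installed.split(":", 1)[1]
    return "fixed" if compare_versions(installed, fixed) >= 0 else "vulnerable"


def parse_dpkg_query_line(line):
    """Parse one line of `dpkg-query -W -f '${Package} ${Version}\\n' gaim`."""
    name, version = line.split()
    return name, version


if __name__ == "__main__":
    # Constructed sample output for a sarge host that has not yet upgraded.
    pkg, ver = parse_dpkg_query_line("gaim 1.2.1-1.2")
    print(pkg, ver, advisory_status("sarge", ver))   # gaim 1.2.1-1.2 vulnerable
```

Feed it the real `dpkg-query` output instead of the constructed line to audit a fleet; the epoch-stripping step matters because advisory texts routinely quote versions without the epoch that `dpkg` itself reports.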
Product : Fedora Core 3
Name : php
Version : 4.3.11
Release : 2.6
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.
Update Information:
This update includes the PEAR XML_RPC 1.3.1 package, which fixes a
security issue in the XML_RPC server implementation. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the
name CAN-2005-1921 to this issue.
The bundled version of shtool is also updated, to fix some temporary
file handling races. The Common Vulnerabilities and Exposures project
(cve.mitre.org/) has assigned the name CAN-2005-1751 to this issue.
Tue Jul 5 2005 Joe Orton <jorton@redhat.com> 4.3.11-2.6
pear: update to XML_RPC 1.3.1 (CAN-2005-1921, #162045)
update bundled shtool to 2.0.2 (CAN-2005-1751, #158998)
require autoconf, automake for -devel package (#159283)
Product : Fedora Core 4
Name : php
Version : 5.0.4
Release : 10.3
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.
Update Information:
This update includes the PEAR XML_RPC 1.3.1 package, which fixes a
security issue in the XML_RPC server implementation. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the
name CAN-2005-1921 to this issue.
The bundled version of shtool is also updated, to fix some temporary
file handling races. The Common Vulnerabilities and Exposures project
(cve.mitre.org/) has assigned the name CAN-2005-1751 to this issue.
Bug fixes for the dom, ldap, and gd extensions are also included in
this update.
Mon Jul 4 2005 Joe Orton <jorton@redhat.com> 5.0.4-10.3
pear: update to XML_RPC 1.3.1 (CAN-2005-1921, #162045)
update bundled shtool to 2.0.2 (CAN-2005-1751, #158998)
Tue Jun 21 2005 Joe Orton <jorton@redhat.com> 5.0.4-10.2
fix imports from dom module (Rob Richards, #161447)
fix detection and support for ldap_start_tls (#160527)
fix imagettftext et al (upstream, #161001)
mark php.ini and php.conf as noreplace again for updates
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
Red Hat Linux
Red Hat Security Advisory
Synopsis: Critical: RealPlayer security update
Advisory ID: RHSA-2005:523-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-523.html
Issue date: 2005-06-23
Updated on: 2005-07-05
Product: Red Hat Enterprise Linux Extras
CVE Names: CAN-2005-1766
1. Summary:
An updated RealPlayer package that fixes a buffer overflow issue is now
available.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
[Updated 05 Jul 2005]
The previous package for Red Hat Enterprise Linux 4 did not contain the
proper fix for this issue. This erratum has been updated with a replacement
package that corrects this issue.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
3. Problem description:
RealPlayer is a media player that provides media playback locally and
via streaming. It plays RealAudio, RealVideo, MP3, 3GPP Video, Flash, SMIL
2.0, JPEG, GIF, PNG, RealPix, RealText, and more.
A buffer overflow bug was found in the way RealPlayer processes SMIL files.
An attacker could create a specially crafted SMIL file that could combine
with a malicious Web server to execute arbitrary code when the file was
opened by a user. The Common Vulnerabilities and Exposures project
(cve.mitre.org/) has assigned the name CAN-2005-1766 to this issue.
All users of RealPlayer are advised to upgrade to this updated package,
which contains RealPlayer version 10.0.5 and is not vulnerable to this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.