---

Home Security

Advisories: May 11, 2005

By

Fedora Core

Fedora Update Notification
FEDORA-2005-369
2005-05-11

Product : Fedora Core 3
Name : gaim
Version : 1.3.0
Release : 1.fc3
Summary : A Gtk+ based multiprotocol instant messaging client

Description :
Gaim allows you to talk to anyone using a variety of messaging
protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN
Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols
are implemented using a modular, easy to use design. To use a
protocol, just add an account using the account editor.

Gaim supports many common features of other clients, as well as
many unique features, such as perl scripting and C plugins.

Gaim is NOT affiliated with or endorsed by America Online, Inc.,
Microsoft Corporation, or Yahoo! Inc. or other messaging service
providers.

Update Information:

Many bug fixes and two important security fixes.

  • Tue May 10 2005 Warren Togami <wtogami@redhat.com>
    1:1.3.0-1

    • “1.3.0 many bug fixes and two security fixes long URL crash fix
      (#157017) CAN-2005-1261 MSN bad messages crash fix (#157202)
      CAN-2005-1262
  • Thu Apr 7 2005 Warren Togami <wtogami@redhat.com>
    1:1.2.1-4

    • use mozilla-nss everywhere because gnutls is buggy
      (#135778)

This update can be downloaded from:


http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

657b6db50b3e2dcc8f6de28949da4db0
SRPMS/gaim-1.3.0-1.fc3.src.rpm
5de6efcfe212fde2bc3495ad9766d256
x86_64/gaim-1.3.0-1.fc3.x86_64.rpm
69e1bdfcbb08b4dcd52b6739d629713f
x86_64/debug/gaim-debuginfo-1.3.0-1.fc3.x86_64.rpm
2a3459bf8322df5702b619bd29236cc8 i386/gaim-1.3.0-1.fc3.i386.rpm
579b449572cc0dbf2fe5fde5f1c4c9d6
i386/debug/gaim-debuginfo-1.3.0-1.fc3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.

Red Hat Linux

Red Hat Security Advisory

Synopsis: Moderate: openmotif security update
Advisory ID: RHSA-2005:412-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-412.html

Issue date: 2005-05-11
Updated on: 2005-05-11
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0605

1. Summary:

Updated openmotif packages that fix a flaw in the Xpm image
library are now available.

This update has been rated as having moderate security impact by
the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386, ia64
Red Hat Linux Advanced Workstation 2.1 – ia64
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386
Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 – i386, x86_64
Red Hat Enterprise Linux ES version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64

3. Problem description:

OpenMotif provides libraries which implement the Motif industry
standard graphical user interface.

An integer overflow flaw was found in libXpm, which is used to
decode XPM (X PixMap) images. A vulnerable version of this library
was found within OpenMotif. An attacker could create a carefully
crafted XPM file which would cause an application to crash or
potentially execute arbitrary code if opened by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0605 to this issue.

Users of OpenMotif are advised to upgrade to these erratum
packages, which contains a backported security patch to the
embedded libXpm library.

4. Solution:

Before applying this update, make sure that all
previously-released errata relevant to your system have been
applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to
the following Web page for the System Administration or
Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openmotif-2.1.30-13.21AS.5.src.rpm

fc696f8839bf611ea0f3ea23fa2abbc1
openmotif-2.1.30-13.21AS.5.src.rpm

i386:
82d4d85be0efd5e4611dcfd31cb2c782
openmotif-2.1.30-13.21AS.5.i386.rpm
a635c37af852402dd36090c8c4b74097
openmotif-devel-2.1.30-13.21AS.5.i386.rpm

ia64:
23a97afe7a12979b59436b7331e737e2
openmotif-2.1.30-13.21AS.5.ia64.rpm
435170af1e8f72455a9a3ea0b99d991d
openmotif-devel-2.1.30-13.21AS.5.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openmotif-2.1.30-13.21AS.5.src.rpm

fc696f8839bf611ea0f3ea23fa2abbc1
openmotif-2.1.30-13.21AS.5.src.rpm

ia64:
23a97afe7a12979b59436b7331e737e2
openmotif-2.1.30-13.21AS.5.ia64.rpm
435170af1e8f72455a9a3ea0b99d991d
openmotif-devel-2.1.30-13.21AS.5.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openmotif-2.1.30-13.21AS.5.src.rpm

fc696f8839bf611ea0f3ea23fa2abbc1
openmotif-2.1.30-13.21AS.5.src.rpm

i386:
82d4d85be0efd5e4611dcfd31cb2c782
openmotif-2.1.30-13.21AS.5.i386.rpm
a635c37af852402dd36090c8c4b74097
openmotif-devel-2.1.30-13.21AS.5.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openmotif-2.1.30-13.21AS.5.src.rpm

fc696f8839bf611ea0f3ea23fa2abbc1
openmotif-2.1.30-13.21AS.5.src.rpm

i386:
82d4d85be0efd5e4611dcfd31cb2c782
openmotif-2.1.30-13.21AS.5.i386.rpm
a635c37af852402dd36090c8c4b74097
openmotif-devel-2.1.30-13.21AS.5.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openmotif-2.2.3-5.RHEL3.2.src.rpm

3cd7bf76e1135f650e80ca6522412c69
openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.6.src.rpm

fc9c3cdfe2888fbb732ebe1e2a4af65f
openmotif21-2.1.30-9.RHEL3.6.src.rpm

i386:
47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.i386.rpm
c2bdacac09caeb13bc916b9e6213b24f
openmotif-devel-2.2.3-5.RHEL3.2.i386.rpm
901cfdff883c390159e7510c7beb108d
openmotif21-2.1.30-9.RHEL3.6.i386.rpm

ia64:
ab4961edbf87f51127e6f491a4da9eea
openmotif-2.2.3-5.RHEL3.2.ia64.rpm
47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.i386.rpm
ee6f6ea8384e1d6e75e31a30167a44e0
openmotif-devel-2.2.3-5.RHEL3.2.ia64.rpm
0a0454015608b488ddb3c55d3278a14e
openmotif21-2.1.30-9.RHEL3.6.ia64.rpm
901cfdff883c390159e7510c7beb108d
openmotif21-2.1.30-9.RHEL3.6.i386.rpm

ppc:
aa579c6cd9b990c200649c8e486080a6
openmotif-2.2.3-5.RHEL3.2.ppc.rpm
b20b1e8f68630389cb394bfb7c40155f
openmotif-2.2.3-5.RHEL3.2.ppc64.rpm
5ce626584cb7aa546f5fcd10f6c56a19
openmotif-devel-2.2.3-5.RHEL3.2.ppc.rpm

s390:
08b1bea796c5d86b014b567edb5087cc
openmotif-2.2.3-5.RHEL3.2.s390.rpm
cc2134a36b90a4359698f6c1999c1425
openmotif-devel-2.2.3-5.RHEL3.2.s390.rpm

s390x:
bd621dc1992af0815be37a0f63d446e8
openmotif-2.2.3-5.RHEL3.2.s390x.rpm
08b1bea796c5d86b014b567edb5087cc
openmotif-2.2.3-5.RHEL3.2.s390.rpm
86c61331a3388af93c39cd5e823595cd
openmotif-devel-2.2.3-5.RHEL3.2.s390x.rpm

x86_64:
72999fcdd0aa116594141125f1758bcc
openmotif-2.2.3-5.RHEL3.2.x86_64.rpm
47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.i386.rpm
20dfdd4cb2f316fd525dbeff39546260
openmotif-devel-2.2.3-5.RHEL3.2.x86_64.rpm
901cfdff883c390159e7510c7beb108d
openmotif21-2.1.30-9.RHEL3.6.i386.rpm

Red Hat Desktop version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openmotif-2.2.3-5.RHEL3.2.src.rpm

3cd7bf76e1135f650e80ca6522412c69
openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.6.src.rpm

fc9c3cdfe2888fbb732ebe1e2a4af65f
openmotif21-2.1.30-9.RHEL3.6.src.rpm

i386:
47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.i386.rpm
c2bdacac09caeb13bc916b9e6213b24f
openmotif-devel-2.2.3-5.RHEL3.2.i386.rpm
901cfdff883c390159e7510c7beb108d
openmotif21-2.1.30-9.RHEL3.6.i386.rpm

x86_64:
72999fcdd0aa116594141125f1758bcc
openmotif-2.2.3-5.RHEL3.2.x86_64.rpm
47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.i386.rpm
20dfdd4cb2f316fd525dbeff39546260
openmotif-devel-2.2.3-5.RHEL3.2.x86_64.rpm
901cfdff883c390159e7510c7beb108d
openmotif21-2.1.30-9.RHEL3.6.i386.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openmotif-2.2.3-5.RHEL3.2.src.rpm

3cd7bf76e1135f650e80ca6522412c69
openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.6.src.rpm

fc9c3cdfe2888fbb732ebe1e2a4af65f
openmotif21-2.1.30-9.RHEL3.6.src.rpm

i386:
47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.i386.rpm
c2bdacac09caeb13bc916b9e6213b24f
openmotif-devel-2.2.3-5.RHEL3.2.i386.rpm
901cfdff883c390159e7510c7beb108d
openmotif21-2.1.30-9.RHEL3.6.i386.rpm

ia64:
47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.i386.rpm
ab4961edbf87f51127e6f491a4da9eea
openmotif-2.2.3-5.RHEL3.2.ia64.rpm
ee6f6ea8384e1d6e75e31a30167a44e0
openmotif-devel-2.2.3-5.RHEL3.2.ia64.rpm
0a0454015608b488ddb3c55d3278a14e
openmotif21-2.1.30-9.RHEL3.6.ia64.rpm
901cfdff883c390159e7510c7beb108d
openmotif21-2.1.30-9.RHEL3.6.i386.rpm

x86_64:
72999fcdd0aa116594141125f1758bcc
openmotif-2.2.3-5.RHEL3.2.x86_64.rpm
47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.i386.rpm
20dfdd4cb2f316fd525dbeff39546260
openmotif-devel-2.2.3-5.RHEL3.2.x86_64.rpm
901cfdff883c390159e7510c7beb108d
openmotif21-2.1.30-9.RHEL3.6.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openmotif-2.2.3-5.RHEL3.2.src.rpm

3cd7bf76e1135f650e80ca6522412c69
openmotif-2.2.3-5.RHEL3.2.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.6.src.rpm

fc9c3cdfe2888fbb732ebe1e2a4af65f
openmotif21-2.1.30-9.RHEL3.6.src.rpm

i386:
47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.i386.rpm
c2bdacac09caeb13bc916b9e6213b24f
openmotif-devel-2.2.3-5.RHEL3.2.i386.rpm
901cfdff883c390159e7510c7beb108d
openmotif21-2.1.30-9.RHEL3.6.i386.rpm

ia64:
ab4961edbf87f51127e6f491a4da9eea
openmotif-2.2.3-5.RHEL3.2.ia64.rpm
47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.i386.rpm
ee6f6ea8384e1d6e75e31a30167a44e0
openmotif-devel-2.2.3-5.RHEL3.2.ia64.rpm
0a0454015608b488ddb3c55d3278a14e
openmotif21-2.1.30-9.RHEL3.6.ia64.rpm
901cfdff883c390159e7510c7beb108d
openmotif21-2.1.30-9.RHEL3.6.i386.rpm

x86_64:
72999fcdd0aa116594141125f1758bcc
openmotif-2.2.3-5.RHEL3.2.x86_64.rpm
47c7fb4596b78c973deb7c2988808f96
openmotif-2.2.3-5.RHEL3.2.i386.rpm
20dfdd4cb2f316fd525dbeff39546260
openmotif-devel-2.2.3-5.RHEL3.2.x86_64.rpm
901cfdff883c390159e7510c7beb108d
openmotif21-2.1.30-9.RHEL3.6.i386.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openmotif-2.2.3-9.RHEL4.1.src.rpm

33a7a4ad7fe6ec6960f4ec09972954c8
openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openmotif21-2.1.30-11.RHEL4.4.src.rpm

36c7d95bc2d6cedec3ada3eeb575def1
openmotif21-2.1.30-11.RHEL4.4.src.rpm

i386:
023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.i386.rpm
d7eade810dfacc7de2ab529600974405
openmotif-devel-2.2.3-9.RHEL4.1.i386.rpm
47fa2a0391dd9117626c946888bbc675
openmotif21-2.1.30-11.RHEL4.4.i386.rpm

ia64:
908695c253844642ad38070cf17f7a58
openmotif-2.2.3-9.RHEL4.1.ia64.rpm
023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.i386.rpm
8168147910ce21b4bc5f89dfb22dae83
openmotif-devel-2.2.3-9.RHEL4.1.ia64.rpm
776371f184502bcf8b28d73701e580d5
openmotif21-2.1.30-11.RHEL4.4.ia64.rpm
47fa2a0391dd9117626c946888bbc675
openmotif21-2.1.30-11.RHEL4.4.i386.rpm

ppc:
c332f25632c26bf2b5d55960bc93f9c1
openmotif-2.2.3-9.RHEL4.1.ppc.rpm
4f98953c059ffe207e12159128927006
openmotif-2.2.3-9.RHEL4.1.ppc64.rpm
5c96da3bcfbc5cfd01a60bc0a3ee8e0c
openmotif-devel-2.2.3-9.RHEL4.1.ppc.rpm

s390:
4f764a6ad8dc046b16b578c71a9dd733
openmotif-2.2.3-9.RHEL4.1.s390.rpm
e9f3bd11e16b08fb2d87d052f90923bc
openmotif-devel-2.2.3-9.RHEL4.1.s390.rpm

s390x:
4e2615987a0ab95371f0d979db6eff0d
openmotif-2.2.3-9.RHEL4.1.s390x.rpm
4f764a6ad8dc046b16b578c71a9dd733
openmotif-2.2.3-9.RHEL4.1.s390.rpm
52affcfcf476d51deaa3fd775aa5646b
openmotif-devel-2.2.3-9.RHEL4.1.s390x.rpm

x86_64:
bc3cfce66bea5a3b3900b4e7d07b3b90
openmotif-2.2.3-9.RHEL4.1.x86_64.rpm
023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.i386.rpm
e657eee7a31222a98c1f6b5da0c2d234
openmotif-devel-2.2.3-9.RHEL4.1.x86_64.rpm
47fa2a0391dd9117626c946888bbc675
openmotif21-2.1.30-11.RHEL4.4.i386.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openmotif-2.2.3-9.RHEL4.1.src.rpm

33a7a4ad7fe6ec6960f4ec09972954c8
openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openmotif21-2.1.30-11.RHEL4.4.src.rpm

36c7d95bc2d6cedec3ada3eeb575def1
openmotif21-2.1.30-11.RHEL4.4.src.rpm

i386:
023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.i386.rpm
d7eade810dfacc7de2ab529600974405
openmotif-devel-2.2.3-9.RHEL4.1.i386.rpm
47fa2a0391dd9117626c946888bbc675
openmotif21-2.1.30-11.RHEL4.4.i386.rpm

x86_64:
bc3cfce66bea5a3b3900b4e7d07b3b90
openmotif-2.2.3-9.RHEL4.1.x86_64.rpm
023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.i386.rpm
e657eee7a31222a98c1f6b5da0c2d234
openmotif-devel-2.2.3-9.RHEL4.1.x86_64.rpm
47fa2a0391dd9117626c946888bbc675
openmotif21-2.1.30-11.RHEL4.4.i386.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openmotif-2.2.3-9.RHEL4.1.src.rpm

33a7a4ad7fe6ec6960f4ec09972954c8
openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openmotif21-2.1.30-11.RHEL4.4.src.rpm

36c7d95bc2d6cedec3ada3eeb575def1
openmotif21-2.1.30-11.RHEL4.4.src.rpm

i386:
023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.i386.rpm
d7eade810dfacc7de2ab529600974405
openmotif-devel-2.2.3-9.RHEL4.1.i386.rpm
47fa2a0391dd9117626c946888bbc675
openmotif21-2.1.30-11.RHEL4.4.i386.rpm

ia64:
908695c253844642ad38070cf17f7a58
openmotif-2.2.3-9.RHEL4.1.ia64.rpm
023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.i386.rpm
8168147910ce21b4bc5f89dfb22dae83
openmotif-devel-2.2.3-9.RHEL4.1.ia64.rpm
776371f184502bcf8b28d73701e580d5
openmotif21-2.1.30-11.RHEL4.4.ia64.rpm
47fa2a0391dd9117626c946888bbc675
openmotif21-2.1.30-11.RHEL4.4.i386.rpm

x86_64:
bc3cfce66bea5a3b3900b4e7d07b3b90
openmotif-2.2.3-9.RHEL4.1.x86_64.rpm
023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.i386.rpm
e657eee7a31222a98c1f6b5da0c2d234
openmotif-devel-2.2.3-9.RHEL4.1.x86_64.rpm
47fa2a0391dd9117626c946888bbc675
openmotif21-2.1.30-11.RHEL4.4.i386.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openmotif-2.2.3-9.RHEL4.1.src.rpm

33a7a4ad7fe6ec6960f4ec09972954c8
openmotif-2.2.3-9.RHEL4.1.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openmotif21-2.1.30-11.RHEL4.4.src.rpm

36c7d95bc2d6cedec3ada3eeb575def1
openmotif21-2.1.30-11.RHEL4.4.src.rpm

i386:
023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.i386.rpm
d7eade810dfacc7de2ab529600974405
openmotif-devel-2.2.3-9.RHEL4.1.i386.rpm
47fa2a0391dd9117626c946888bbc675
openmotif21-2.1.30-11.RHEL4.4.i386.rpm

ia64:
908695c253844642ad38070cf17f7a58
openmotif-2.2.3-9.RHEL4.1.ia64.rpm
023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.i386.rpm
8168147910ce21b4bc5f89dfb22dae83
openmotif-devel-2.2.3-9.RHEL4.1.ia64.rpm
776371f184502bcf8b28d73701e580d5
openmotif21-2.1.30-11.RHEL4.4.ia64.rpm
47fa2a0391dd9117626c946888bbc675
openmotif21-2.1.30-11.RHEL4.4.i386.rpm

x86_64:
bc3cfce66bea5a3b3900b4e7d07b3b90
openmotif-2.2.3-9.RHEL4.1.x86_64.rpm
023cc76d475a1a73f62103b8179ad27e
openmotif-2.2.3-9.RHEL4.1.i386.rpm
e657eee7a31222a98c1f6b5da0c2d234
openmotif-devel-2.2.3-9.RHEL4.1.x86_64.rpm
47fa2a0391dd9117626c946888bbc675
openmotif21-2.1.30-11.RHEL4.4.i386.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

Red Hat Security Advisory

Synopsis: Moderate: tcpdump security update
Advisory ID: RHSA-2005:417-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-417.html

Issue date: 2005-05-11
Updated on: 2005-05-11
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1278 CAN-2005-1279 CAN-2005-1280

1. Summary:

Updated tcpdump packages that fix several security issues are
now available.

This update has been rated as having moderate security impact by
the Red Hat Security Response Team.

This updated package also adds support for output files larger
than 2 GB.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64

3. Problem description:

Tcpdump is a command-line tool for monitoring network
traffic.

Several denial of service bugs were found in the way tcpdump
processes certain network packets. It is possible for an attacker
to inject a carefully crafted packet onto the network, crashing a
running tcpdump session. The Common Vulnerabilities and Exposures
project (cve.mitre.org/) has
assigned the names CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280
to these issues.

The tcpdump utility can now write a file larger than 2 GB.

Users of tcpdump are advised to upgrade to these erratum
packages, which contain backported security patches and are not
vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all
previously-released errata relevant to your system have been
applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to
the following Web page for the System Administration or
Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/tcpdump-3.8.2-9.RHEL4.src.rpm

5607e37bf75aaeddd33f7d233dd2ad17 tcpdump-3.8.2-9.RHEL4.src.rpm

i386:
bcfb4c02e3dbd05c9511f83ffb40c8e3
arpwatch-2.1a13-9.RHEL4.i386.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
f082d8a0b865dbbddb562135a75da872 tcpdump-3.8.2-9.RHEL4.i386.rpm

ia64:
c946c22b1dd85ebdd683ba32a0b90c81
arpwatch-2.1a13-9.RHEL4.ia64.rpm
077d5e776765be59d99622d68e2cf961 libpcap-0.8.3-9.RHEL4.ia64.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
79a99b5c9945b2bcdd15c25f18868a3f tcpdump-3.8.2-9.RHEL4.ia64.rpm

ppc:
75881a67766b2b6691d5226e171fdc10
arpwatch-2.1a13-9.RHEL4.ppc.rpm
b4a41e93577c6f82f149431977ef61e5 libpcap-0.8.3-9.RHEL4.ppc.rpm
a14f89e586397f85008157fa19878911
libpcap-0.8.3-9.RHEL4.ppc64.rpm
9420bb4d746827512ee887401312440a tcpdump-3.8.2-9.RHEL4.ppc.rpm

s390:
7ea94c620e5af6e475b4b27f26e470f2
arpwatch-2.1a13-9.RHEL4.s390.rpm
1976770e47c521297f649f1b42e49898 libpcap-0.8.3-9.RHEL4.s390.rpm
e7da5aebbed8819f14b5879e11c2be6e tcpdump-3.8.2-9.RHEL4.s390.rpm

s390x:
7cfc13ab028787fa75ad5e8247d1880c
arpwatch-2.1a13-9.RHEL4.s390x.rpm
4a86ff37bfc19be6081f382660a92cdc
libpcap-0.8.3-9.RHEL4.s390x.rpm
1976770e47c521297f649f1b42e49898 libpcap-0.8.3-9.RHEL4.s390.rpm
13d794d2c859d3ea562487b88e216f1a
tcpdump-3.8.2-9.RHEL4.s390x.rpm

x86_64:
3e4d6ad57987ee2e4a720aa5b918b2bc
arpwatch-2.1a13-9.RHEL4.x86_64.rpm
40625ce1034b70ad65e98b7e848da5b1
libpcap-0.8.3-9.RHEL4.x86_64.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
ffa76b9f0547a5b0390b8cc8b4acd84e
tcpdump-3.8.2-9.RHEL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/tcpdump-3.8.2-9.RHEL4.src.rpm

5607e37bf75aaeddd33f7d233dd2ad17 tcpdump-3.8.2-9.RHEL4.src.rpm

i386:
bcfb4c02e3dbd05c9511f83ffb40c8e3
arpwatch-2.1a13-9.RHEL4.i386.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
f082d8a0b865dbbddb562135a75da872 tcpdump-3.8.2-9.RHEL4.i386.rpm

x86_64:
3e4d6ad57987ee2e4a720aa5b918b2bc
arpwatch-2.1a13-9.RHEL4.x86_64.rpm
40625ce1034b70ad65e98b7e848da5b1
libpcap-0.8.3-9.RHEL4.x86_64.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
ffa76b9f0547a5b0390b8cc8b4acd84e
tcpdump-3.8.2-9.RHEL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/tcpdump-3.8.2-9.RHEL4.src.rpm

5607e37bf75aaeddd33f7d233dd2ad17 tcpdump-3.8.2-9.RHEL4.src.rpm

i386:
bcfb4c02e3dbd05c9511f83ffb40c8e3
arpwatch-2.1a13-9.RHEL4.i386.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
f082d8a0b865dbbddb562135a75da872 tcpdump-3.8.2-9.RHEL4.i386.rpm

ia64:
c946c22b1dd85ebdd683ba32a0b90c81
arpwatch-2.1a13-9.RHEL4.ia64.rpm
077d5e776765be59d99622d68e2cf961 libpcap-0.8.3-9.RHEL4.ia64.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
79a99b5c9945b2bcdd15c25f18868a3f tcpdump-3.8.2-9.RHEL4.ia64.rpm

x86_64:
3e4d6ad57987ee2e4a720aa5b918b2bc
arpwatch-2.1a13-9.RHEL4.x86_64.rpm
40625ce1034b70ad65e98b7e848da5b1
libpcap-0.8.3-9.RHEL4.x86_64.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
ffa76b9f0547a5b0390b8cc8b4acd84e
tcpdump-3.8.2-9.RHEL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/tcpdump-3.8.2-9.RHEL4.src.rpm

5607e37bf75aaeddd33f7d233dd2ad17 tcpdump-3.8.2-9.RHEL4.src.rpm

i386:
bcfb4c02e3dbd05c9511f83ffb40c8e3
arpwatch-2.1a13-9.RHEL4.i386.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
f082d8a0b865dbbddb562135a75da872 tcpdump-3.8.2-9.RHEL4.i386.rpm

ia64:
c946c22b1dd85ebdd683ba32a0b90c81
arpwatch-2.1a13-9.RHEL4.ia64.rpm
077d5e776765be59d99622d68e2cf961 libpcap-0.8.3-9.RHEL4.ia64.rpm
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
79a99b5c9945b2bcdd15c25f18868a3f tcpdump-3.8.2-9.RHEL4.ia64.rpm

x86_64:
3e4d6ad57987ee2e4a720aa5b918b2bc
arpwatch-2.1a13-9.RHEL4.x86_64.rpm
40625ce1034b70ad65e98b7e848da5b1
libpcap-0.8.3-9.RHEL4.x86_64.rpm/
0aa35520fbc89c6b3838e23c20559a74 libpcap-0.8.3-9.RHEL4.i386.rpm
ffa76b9f0547a5b0390b8cc8b4acd84e
tcpdump-3.8.2-9.RHEL4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

Red Hat Security Advisory

Synopsis: Moderate: tcpdump security update
Advisory ID: RHSA-2005:421-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-421.html

Issue date: 2005-05-11
Updated on: 2005-05-11
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1278 CAN-2005-1279 CAN-2005-1280

1. Summary:

Updated tcpdump packages that fix several security issues are
now available.

This update has been rated as having moderate security impact by
the Red Hat Security Response Team.

These updated packages also add support for output files larger
than 2 GB, add support for some new VLAN IDs, and fix message
parsing on 64bit architectures.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64 Red Hat Desktop version 3 – i386, x86_64 Red Hat
Enterprise Linux ES version 3 – i386, ia64, x86_64 Red Hat
Enterprise Linux WS version 3 – i386, ia64, x86_64

3. Problem description:

Tcpdump is a command-line tool for monitoring network
traffic.

Several denial of service bugs were found in the way tcpdump
processes certain network packets. It is possible for an attacker
to inject a carefully crafted packet onto the network, crashing a
running tcpdump session. The Common Vulnerabilities and Exposures
project (cve.mitre.org/) has
assigned the names CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280
to these issues.

Additionally, the tcpdump utility can now write a file larger
than 2 GB, parse some new VLAN IDs, and parse messages on 64bit
architectures.

Users of tcpdump are advised to upgrade to these erratum
packages, which contain backported security patches and are not
vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all
previously-released errata relevant to your system have been
applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to
the following Web page for the System Administration or
Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/tcpdump-3.7.2-7.E3.5.src.rpm

0897eea910400bb6459e95fc0251f058 tcpdump-3.7.2-7.E3.5.src.rpm

i386:
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
e7e937cc53ff8f4e9a2d089425f3a061 tcpdump-3.7.2-7.E3.5.i386.rpm

ia64:
b6103f68b3992ddf6bc0fe747f81cbbe libpcap-0.7.2-7.E3.5.ia64.rpm
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
c09ea94decbff9547a93fd5b0565ed29 tcpdump-3.7.2-7.E3.5.ia64.rpm

ppc:
2758662cc702f6a4410a60d1601a153a libpcap-0.7.2-7.E3.5.ppc.rpm
7a568efb8187cfc7c6b559161cf9e18c libpcap-0.7.2-7.E3.5.ppc64.rpm
07c067ffd17e53819cefd8456e7a7509 tcpdump-3.7.2-7.E3.5.ppc.rpm

s390:
e3ef1f0253d92389bdd051cba0ddaae9 libpcap-0.7.2-7.E3.5.s390.rpm
37a66b594884b745c7bada003825aef9 tcpdump-3.7.2-7.E3.5.s390.rpm

s390x:
69a4d6ad073863c16b4b5ca0a083fbfc libpcap-0.7.2-7.E3.5.s390x.rpm
e3ef1f0253d92389bdd051cba0ddaae9 libpcap-0.7.2-7.E3.5.s390.rpm
368c077fe312d95ce20e350fd5a6704d tcpdump-3.7.2-7.E3.5.s390x.rpm

x86_64:
157bceaebd99a87bd8dc797d1d509f33
libpcap-0.7.2-7.E3.5.x86_64.rpm
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
9bda0e806e916b7dab298317097a3325
tcpdump-3.7.2-7.E3.5.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/tcpdump-3.7.2-7.E3.5.src.rpm

0897eea910400bb6459e95fc0251f058 tcpdump-3.7.2-7.E3.5.src.rpm

i386:
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
e7e937cc53ff8f4e9a2d089425f3a061 tcpdump-3.7.2-7.E3.5.i386.rpm

x86_64:
157bceaebd99a87bd8dc797d1d509f33
libpcap-0.7.2-7.E3.5.x86_64.rpm
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
9bda0e806e916b7dab298317097a3325
tcpdump-3.7.2-7.E3.5.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/tcpdump-3.7.2-7.E3.5.src.rpm

0897eea910400bb6459e95fc0251f058 tcpdump-3.7.2-7.E3.5.src.rpm

i386:
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
e7e937cc53ff8f4e9a2d089425f3a061 tcpdump-3.7.2-7.E3.5.i386.rpm

ia64:
b6103f68b3992ddf6bc0fe747f81cbbe libpcap-0.7.2-7.E3.5.ia64.rpm
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
c09ea94decbff9547a93fd5b0565ed29 tcpdump-3.7.2-7.E3.5.ia64.rpm

x86_64:
157bceaebd99a87bd8dc797d1d509f33
libpcap-0.7.2-7.E3.5.x86_64.rpm
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
9bda0e806e916b7dab298317097a3325
tcpdump-3.7.2-7.E3.5.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/tcpdump-3.7.2-7.E3.5.src.rpm

0897eea910400bb6459e95fc0251f058 tcpdump-3.7.2-7.E3.5.src.rpm

i386:
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
e7e937cc53ff8f4e9a2d089425f3a061 tcpdump-3.7.2-7.E3.5.i386.rpm

ia64:
b6103f68b3992ddf6bc0fe747f81cbbe libpcap-0.7.2-7.E3.5.ia64.rpm
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm
c09ea94decbff9547a93fd5b0565ed29 tcpdump-3.7.2-7.E3.5.ia64.rpm

x86_64:
9bda0e806e916b7dab298317097a3325
tcpdump-3.7.2-7.E3.5.x86_64.rpm
157bceaebd99a87bd8dc797d1d509f33
libpcap-0.7.2-7.E3.5.x86_64.rpm
04f8be96da43ac855e7105a959d99b28 libpcap-0.7.2-7.E3.5.i386.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

Red Hat Security Advisory

Synopsis: Critical: gaim security update
Advisory ID: RHSA-2005:429-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-429.html

Issue date: 2005-05-11
Updated on: 2005-05-11
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1261 CAN-2005-1262

1. Summary:

An updated gaim package that fixes two security issues is now
available.

This update has been rated as having critical security impact by
the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 – i386, x86_64
Red Hat Enterprise Linux ES version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64

3. Problem description:

The Gaim application is a multi-protocol instant messaging
client.

A stack based buffer overflow bug was found in the way gaim
processes a message containing a URL. A remote attacker could send
a carefully crafted message resulting in the execution of arbitrary
code on a victim’s machine. The Common Vulnerabilities and
Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-1261 to this issue.

A bug was found in the way gaim handles malformed MSN messages.
A remote attacker could send a carefully crafted MSN message
causing gaim to crash. The Common Vulnerabilities and Exposures
project (cve.mitre.org/) has
assigned the name CAN-2005-1262 to this issue.

Users of Gaim are advised to upgrade to this updated package
which contains backported patches and is not vulnerable to these
issues.

4. Solution:

Before applying this update, make sure that all
previously-released errata relevant to your system have been
applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to
the following Web page for the System Administration or
Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gaim-1.2.1-6.el3.src.rpm

bc81df1e2393d51d607dbdd5ebcd6254 gaim-1.2.1-6.el3.src.rpm

i386:
83ef867ebf9618418bbde568a3599830 gaim-1.2.1-6.el3.i386.rpm

ia64:
4a93e8e28ddfc147277773480c90a706 gaim-1.2.1-6.el3.ia64.rpm

ppc:
742c7971f07ba2a83af5023ac4283f02 gaim-1.2.1-6.el3.ppc.rpm

s390:
987db3f09037b9f8deeaaafd51fe76c3 gaim-1.2.1-6.el3.s390.rpm

s390x:
16d7c8d5fe4dd0f99f1bd6418f3e03c7 gaim-1.2.1-6.el3.s390x.rpm

x86_64:
76c553295cbee1bb7f5369cf54e1115b gaim-1.2.1-6.el3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gaim-1.2.1-6.el3.src.rpm

bc81df1e2393d51d607dbdd5ebcd6254 gaim-1.2.1-6.el3.src.rpm

i386:
83ef867ebf9618418bbde568a3599830 gaim-1.2.1-6.el3.i386.rpm

x86_64:
76c553295cbee1bb7f5369cf54e1115b gaim-1.2.1-6.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gaim-1.2.1-6.el3.src.rpm

bc81df1e2393d51d607dbdd5ebcd6254 gaim-1.2.1-6.el3.src.rpm

i386:
83ef867ebf9618418bbde568a3599830 gaim-1.2.1-6.el3.i386.rpm

ia64:
4a93e8e28ddfc147277773480c90a706 gaim-1.2.1-6.el3.ia64.rpm

x86_64:
76c553295cbee1bb7f5369cf54e1115b gaim-1.2.1-6.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gaim-1.2.1-6.el3.src.rpm

bc81df1e2393d51d607dbdd5ebcd6254 gaim-1.2.1-6.el3.src.rpm

i386:
83ef867ebf9618418bbde568a3599830 gaim-1.2.1-6.el3.i386.rpm

ia64:
4a93e8e28ddfc147277773480c90a706 gaim-1.2.1-6.el3.ia64.rpm

x86_64:
76c553295cbee1bb7f5369cf54e1115b gaim-1.2.1-6.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gaim-1.2.1-6.el4.src.rpm

8bcd80b9e9aad765a1596378c4d08626 gaim-1.2.1-6.el4.src.rpm

i386:
136094a6e2717de5ac02826cd91d493c gaim-1.2.1-6.el4.i386.rpm

ia64:
84e2bde6e30fb3da72651f3a3b3a1a91 gaim-1.2.1-6.el4.ia64.rpm

ppc:
f596381eb4b924a8b43df623ac2011ae gaim-1.2.1-6.el4.ppc.rpm

s390:
c72eb22cda05c6f23caabc458a6b3132 gaim-1.2.1-6.el4.s390.rpm

s390x:
6a64c4e6cd546fd98d2ee0f44c04f6bb gaim-1.2.1-6.el4.s390x.rpm

x86_64:
d835d342a18973c499c3444a46db9cba gaim-1.2.1-6.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gaim-1.2.1-6.el4.src.rpm

8bcd80b9e9aad765a1596378c4d08626 gaim-1.2.1-6.el4.src.rpm

i386:
136094a6e2717de5ac02826cd91d493c gaim-1.2.1-6.el4.i386.rpm

x86_64:
d835d342a18973c499c3444a46db9cba gaim-1.2.1-6.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gaim-1.2.1-6.el4.src.rpm

8bcd80b9e9aad765a1596378c4d08626 gaim-1.2.1-6.el4.src.rpm

i386:
136094a6e2717de5ac02826cd91d493c gaim-1.2.1-6.el4.i386.rpm

ia64:
84e2bde6e30fb3da72651f3a3b3a1a91 gaim-1.2.1-6.el4.ia64.rpm

x86_64:
d835d342a18973c499c3444a46db9cba gaim-1.2.1-6.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gaim-1.2.1-6.el4.src.rpm

8bcd80b9e9aad765a1596378c4d08626 gaim-1.2.1-6.el4.src.rpm

i386:
136094a6e2717de5ac02826cd91d493c gaim-1.2.1-6.el4.i386.rpm

ia64:
84e2bde6e30fb3da72651f3a3b3a1a91 gaim-1.2.1-6.el4.ia64.rpm

x86_64:
d835d342a18973c499c3444a46db9cba gaim-1.2.1-6.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1262

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

Red Hat Security Advisory

Synopsis: Critical: gaim security update
Advisory ID: RHSA-2005:432-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-432.html

Issue date: 2005-05-11
Updated on: 2005-05-11
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0472 CAN-2005-1261

1. Summary:

An updated gaim package that fixes security issues is now
available for Red Hat Enterprise Linux 2.1.

This update has been rated as having critical security impact by
the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386, ia64
Red Hat Linux Advanced Workstation 2.1 – ia64
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386

3. Problem description:

The Gaim application is a multi-protocol instant messaging
client.

A stack based buffer overflow bug was found in the way gaim
processes a message containing a URL. A remote attacker could send
a carefully crafted message resulting in the execution of arbitrary
code on a victim’s machine. The Common Vulnerabilities and
Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-1261 to this issue.

A bug in the way Gaim processes SNAC packets was discovered. It
is possible that a remote attacker could send a specially crafted
SNAC packet to a Gaim client, causing the client to stop
responding. The Common Vulnerabilities and Exposures project
(cve.mitre.org/) has assigned
the name CAN-2005-0472 to this issue.

Users of Gaim are advised to upgrade to this updated package
which contains gaim version 0.59.9 with backported patches to
correct these issues.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gaim-0.59.9-4.el2.src.rpm

f01435d610c70ca301e25da9790e73a1 gaim-0.59.9-4.el2.src.rpm

i386:
dd0961f496e0be18e79c1893e5b061f4 gaim-0.59.9-4.el2.i386.rpm

ia64:
5f32a394431f368a7c9e049f4ebb7494 gaim-0.59.9-4.el2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gaim-0.59.9-4.el2.src.rpm

f01435d610c70ca301e25da9790e73a1 gaim-0.59.9-4.el2.src.rpm

ia64:
5f32a394431f368a7c9e049f4ebb7494 gaim-0.59.9-4.el2.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gaim-0.59.9-4.el2.src.rpm

f01435d610c70ca301e25da9790e73a1 gaim-0.59.9-4.el2.src.rpm

i386:
dd0961f496e0be18e79c1893e5b061f4 gaim-0.59.9-4.el2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gaim-0.59.9-4.el2.src.rpm

f01435d610c70ca301e25da9790e73a1 gaim-0.59.9-4.el2.src.rpm

i386:
dd0961f496e0be18e79c1893e5b061f4 gaim-0.59.9-4.el2.i386.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0472

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

Mandriva Linux

Mandriva Linux Security Update Advisory

Package name: ethereal
Advisory ID: MDKSA-2005:083
Date: May 10th, 2005
Affected versions: 10.1, 10.2

Problem Description:

A number of vulnerabilities were discovered in previous version
of Ethereal that have been fixed in the 0.10.11 release,
including:

  • The ANSI A and DHCP dissectors are vulnerable to format string
    vulnerabilities.
  • The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP,
    PKIX1Explitit, PKIX Qualified, X.509, Q.931, MEGACO, NCP, ISUP,
    TCAP and Presentation dissectors are vulnerable to buffer
    overflows.
  • The KINK, WSP, SMB Mailslot, H.245, MGCP, Q.931, RPC, GSM and
    SMB NETLOGON dissectors are vulnerable to pointer handling
    errors.
  • The LMP, KINK, MGCP, RSVP, SRVLOC, EIGRP, MEGACO, DLSw, NCP and
    L2TP dissectors are vulnerable to looping problems.
  • The Telnet and DHCP dissectors could abort.
  • The TZSP, Bittorrent, SMB, MGCP and ISUP dissectors could cause
    a segmentation fault.
  • The WSP, 802.3 Slow protocols, BER, SMB Mailslot, SMB, NDPS,
    IAX2, RADIUS, SMB PIPE, MRDISC and TCAP dissectors could throw
    assertions.
  • The DICOM, NDPS and ICEP dissectors are vulnerable to memory
    handling errors.
  • The GSM MAP, AIM, Fibre Channel,SRVLOC, NDPS, LDAP and NTLMSSP
    dissectors could terminate abnormallly.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1456

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1457

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1458

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1459

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1460

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1461

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1462

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1463

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1464

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1465

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1466

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.