Mandrake Linux Security Advisory : gaim (MDKSA-2005:071)
Medium Nessus Plugin ID 18052
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
More vulnerabilities have been discovered in the gaim instant messaging client:
A buffer overflow vulnerability was found in the way that gaim escapes HTML, allowing a remote attacker to send a specially crafted message to a gaim client, causing it to crash (CVE-2005-0965).
A bug was discovered in several of gaim's IRC processing functions that fail to properly remove various markup tags within an IRC message. This could allow a remote attacker to send a specially crafted message to a gaim client connected to an IRC server, causing it to crash (CVE-2005-0966).
Finally, a problem was found in gaim's Jabber message parser that would allow a remote Jabber user to send a specially crafted message to a gaim client, causing it to crash (CVE-2005-0967).
Gaim version 1.2.1 is not vulnerable to these issues and is provided with this update.
Solution
Update the affected packages.