Mandrake Linux Security Advisory : gaim (MDKSA-2005:086)
High Nessus Plugin ID 18275
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionMore vulnerabilities have been found in the gaim instant messaging client. A stack-based buffer overflow bug was found in how gaim processes a message containing a URL; a remote attacker could send a carefully crafted message to cause the execution of arbitrary code on the user's machine (CVE-2005-1261).
Another bug was found in how gaim handles malformed MSN messages; an attacker could send a carefully crafted MSN message that would cause gaim to crash (CVE-2005-1262).
Gaim version 1.3.0 fixes these issues and is provided with this update.
SolutionUpdate the affected packages.