Debian Security Advisory

DSA-769-1 gaim -- memory alignment bug

Date Reported:
29 Jul 2005
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2005-2370.
More information:

Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, console Gadu Gadu client, an instant messaging program) which is included in gaim, a multi-protocol instant messaging client, as well. This can not be exploited on the x86 architecture but on others, e.g. on Sparc and lead to a bus error, in other words a denial of service.

The old stable distribution (woody) does not seem to be affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 1.2.1-1.4.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your gaim package.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Architecture-independent component:
Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.