Debian Security Advisory
DSA-716-1 gaim -- denial of service
- Date Reported:
- 27 Apr 2005
- Affected Packages:
- gaim
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2005-0472.
- More information:
-
It has been discovered that certain malformed SNAC packets sent by other AIM or ICQ users can trigger an infinite loop in Gaim, a multi-protocol instant messaging client, and hence lead to a denial of service of the client.
Two more denial of service conditions have been discovered in newer versions of Gaim which are fixed in the package in sid but are not present in the package in woody.
For the stable distribution (woody) this problem has been fixed in version 0.58-2.5.
For the unstable distribution (sid) these problems have been fixed in version 1.1.3-1.
We recommend that you upgrade your gaim packages.
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5.dsc
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5.diff.gz
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58.orig.tar.gz
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_alpha.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_alpha.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_alpha.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_arm.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_arm.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_arm.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_i386.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_i386.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_i386.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_ia64.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_ia64.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_ia64.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_hppa.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_hppa.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_hppa.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_m68k.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_m68k.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_m68k.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_mips.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_mips.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_mips.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_mipsel.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_mipsel.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_mipsel.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_powerpc.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_powerpc.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_powerpc.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_s390.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_s390.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_s390.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_sparc.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_sparc.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_sparc.deb
- http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_sparc.deb
MD5 checksums of the listed files are available in the original advisory.