Bug 157017

Summary: CAN-2005-1261 Gaim long url buffer overflow
Product: Red Hat Enterprise Linux 4 Reporter: Josh Bressers <bressers>
Component: gaimAssignee: Warren Togami <wtogami>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: medium    
Version: 4.0CC: security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=critical,public=20050510,source=gaim,reported=20050505
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-05-11 08:24:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Upstream patch none

Description Josh Bressers 2005-05-06 02:39:40 UTC 
A buffer overflow has been found in Gaim.  It is possible for a remote attacker
to send a message containing a very long URL to overflow a buffer.  This attack
is mitigated by the fact that not all the messaging protocols allow messages
long enough to overflow this particular buffer.
Comment 1 Josh Bressers 2005-05-06 02:39:41 UTC 
Created attachment 114072 [details]
Upstream patch
Comment 2 Josh Bressers 2005-05-06 02:41:22 UTC 
This issue should also affect RHEL3 and may affect RHEL2.1
Comment 3 Josh Bressers 2005-05-06 18:31:28 UTC 
This issue is going to be RHSA-2005:429
Comment 4 Mark J. Cox 2005-05-11 08:03:54 UTC 
public, removing embargo
Comment 5 Mark J. Cox 2005-05-11 08:24:22 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-432.html
Comment 6 Mark J. Cox 2005-05-11 08:33:39 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-429.html