Bug 152916 - CAN-2005-0208,0472,0473,0965,0966,0967 gaim security issues
Summary: CAN-2005-0208,0472,0473,0965,0966,0967 gaim security issues
Keywords:
Status: CLOSED DUPLICATE of bug 158543
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: gaim
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: https://rhn.redhat.com/errata/RHSA-20...
Whiteboard: 1, LEGACY, rh73, rh90
Depends On: 158543
Blocks:
 
Reported: 2005-03-10 20:40 UTC by Marc Deslauriers
Modified: 2007-04-18 17:22 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-07-15 22:16:18 UTC
Embargoed:



Description David Lawrence 2005-03-30 23:31:58 UTC
Two HTML parsing bugs were discovered in Gaim. It is possible that a remote
attacker could send a specially crafted message to a Gaim client, causing
it to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2005-0208 and CAN-2005-0473 to
these issues.

A bug in the way Gaim processes SNAC packets was discovered. It is
possible that a remote attacker could send a specially crafted SNAC packet
to a Gaim client, causing the client to stop responding. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0472 to this issue.

https://rhn.redhat.com/errata/RHSA-2005-215.html



------- Additional Comments From marcdeslauriers 2005-03-10 18:14:16 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated gaim packages to QA:

Changelog 7.3:
* Thu Mar 10 2005 Marc Deslauriers <marcdeslauriers>
1.1.4-0.73.1.legacy
- - Updated to 1.1.4 to fix security issues
- - Added CVS backport patches from RHEL

Changelog 9:
* Thu Mar 10 2005 Marc Deslauriers <marcdeslauriers>
1:1.1.4-0.90.1.legacy
- - Rebuilt as Fedora Legacy rh9 security update
- - Added mozilla-nspr-devel and mozilla-nss BuildRequires
- - Reverted to rh9-style desktop file
- - Disabled PIE patch

* Mon Mar 07 2005 Warren Togami <wtogami> 1:1.1.4-1.EL3.1
- - RHEL3

Changelog fc1:
* Thu Mar 10 2005 Marc Deslauriers <marcdeslauriers>
1:1.1.4-1.FC1.1.legacy
- - Rebuilt as Fedora Legacy FC1 security update

* Mon Mar 07 2005 Warren Togami <wtogami> 1:1.1.4-1.EL3.1
- - RHEL3

15309331e1032757cbf9ef6accafa9469097b204  7.3/gaim-1.1.4-0.73.1.legacy.i386.rpm
627859eb624e8c9b76b70cd4405b8fd4ac676cde  7.3/gaim-1.1.4-0.73.1.legacy.src.rpm
d4e88861a7daabaacafa134bb41a1555f0b73c82  9/gaim-1.1.4-0.90.1.legacy.i386.rpm
036a6ed3976f47e77fbb6585246547367da08cfd  9/gaim-1.1.4-0.90.1.legacy.src.rpm
5db7c62375cf32712770d93772a81914c0c13da7  1/gaim-1.1.4-1.FC1.1.legacy.i386.rpm
6a1bef63f68e7651830b5add3e07df5235d64457  1/gaim-1.1.4-1.FC1.1.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/gaim-1.1.4-0.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/gaim-1.1.4-0.73.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gaim-1.1.4-0.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gaim-1.1.4-0.90.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/gaim-1.1.4-1.FC1.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/gaim-1.1.4-1.FC1.1.legacy.src.rpm


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCMRsMLMAs/0C4zNoRAlznAJ4srI3SU6VSetqwEPA0M2OfNTi1rwCguHMq
sP/GMz+lNowN0X8QcryzOCU=
=/EQt
-----END PGP SIGNATURE-----




------- Additional Comments From pekkas 2005-03-18 06:16:26 ----

Hmm.. I guess gaim is one of those packages which is worth updating instead of
backporting. Will QA..



------- Additional Comments From pekkas 2005-03-18 09:11:35 ----

I looked at this a bit.  It's very difficult to do QA on RHL9/FC1, because there
have been so many changes in the spec file :-/.  Did you consider doing the same
as with RHL73, just upgrading to the latest and adding the patches, but keeping the
spec file changes to the minimum?



------- Additional Comments From marcdeslauriers 2005-03-18 13:35:56 ----

Yeah, I considered it, but rh73 is easier to upgrade to a new version, as it uses the
default gaim configuration, whereas rh9 and fc1 use a custom config that needs to
be changed every time.

For rh9 and fc1, it's easier to follow the RHEL package.



------- Additional Comments From pekkas 2005-03-18 22:49:41 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA w/ rpm-build-compare.sh:
 - source file integrity OK
 - patches verified
 - checked RHL9 and FC1 binaries w/ rpm-build-compare
 - spec file changes look cursorily OK; I don't use gaim, however.

A few notes:
   
- - In RHL9, there were some changes in gaim-fedora-prefs.xml, e.g., removing a
section with jabber.  Was this intentional? (I have no idea whether this
matters or not, because I don't use gaim..)

- - gaim 1.0.2 which we shipped for RHL9 included the following Requires which
are now missing: libcrypt.so.1, libgnome, libutil.so.1, mozilla-nss. 
perl.so is no longer provided either. This smells like trouble, especially
the lack of libcrypt.

I could give all of these a PUBLISH, but I'd hope someone who actually uses
gaim would double-check the above two issues first.

(+PUBLISH RHL73,RHL9,FC1)

627859eb624e8c9b76b70cd4405b8fd4ac676cde  gaim-1.1.4-0.73.1.legacy.src.rpm
036a6ed3976f47e77fbb6585246547367da08cfd  gaim-1.1.4-0.90.1.legacy.src.rpm
6a1bef63f68e7651830b5add3e07df5235d64457  gaim-1.1.4-1.FC1.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCO+eSGHbTkzxSL7QRAv6zAKCPNVXj98eDiMakD93OuwNgxlLO8QCfT6u/
VQ/TGefy8COpvzvGCTGlJS8=
=gUNd
-----END PGP SIGNATURE-----




------- Bug moved to this database by dkl 2005-03-30 18:31 -------

This bug previously known as bug 2447 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2447
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.



Comment 1 Marc Deslauriers 2005-04-15 22:20:13 UTC
Three more problems:
A buffer overflow bug was found in the way gaim escapes HTML. It is
possible that a remote attacker could send a specially crafted message to a
Gaim client, causing it to crash. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-0965 to this issue.

A bug was found in several of gaim's IRC processing functions. These
functions fail to properly remove various markup tags within an IRC
message. It is possible that a remote attacker could send a specially
crafted message to a Gaim client connected to an IRC server, causing it to
crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0966 to this issue.

A bug was found in gaim's Jabber message parser. It is possible for a
remote Jabber user to send a specially crafted message to a Gaim client,
causing it to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0967 to this issue.

https://rhn.redhat.com/errata/RHSA-2005-365.html

Comment 2 Marc Deslauriers 2005-04-16 13:44:04 UTC
The jabber section removed from the xml file doesn't matter, it was default
settings.

libcrypt.so.1, libgnome, libutil.so.1, mozilla-nss and perl.so being missing is
a side-effect of not including the perl plugin anymore. The perl plugin doesn't
work anymore with the version of perl included in rh9.

Comment 3 Marc Deslauriers 2005-04-16 14:41:28 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated gaim packages to QA:

db9890ac5ebc8332142acaf15e40458737f09e33  7.3/gaim-1.2.1-0.73.1.legacy.i386.rpm
3e0dcb3357d8a6ce734a96a266e8ab0c9d6054cd  7.3/gaim-1.2.1-0.73.1.legacy.src.rpm
054c3fc689b96d40e137fcecf5685bcf358dcbd5  9/gaim-1.2.1-0.90.1.legacy.i386.rpm
b335015f69cb398dc71ea41e90f9fbfc4545e8a4  9/gaim-1.2.1-0.90.1.legacy.src.rpm
f8fd03f350558a6e5b091110fc7d8f40bff50214  1/gaim-1.2.1-1.fc1.1.legacy.i386.rpm
1e8305ad9bc8083c46a825878bf3c952914cc8e1  1/gaim-1.2.1-1.fc1.1.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/gaim-1.2.1-0.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/gaim-1.2.1-0.73.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gaim-1.2.1-0.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gaim-1.2.1-0.90.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/gaim-1.2.1-1.fc1.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/gaim-1.2.1-1.fc1.1.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCYSOjLMAs/0C4zNoRAqHcAJ4gVtCd7l0uvKFB6xLWnco23185fACdHZha
eLNYo4fkUbC6LhQ9qPwSEdA=
=WCkI
-----END PGP SIGNATURE-----


Comment 4 Pekka Savola 2005-04-16 16:29:46 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA w/ rpm-build-compare.sh:
 - source integrity good
 - RHL73 spec file compares to the previous FL package OK; RHL9 matches
   RHEL3; FC1 is pretty close to both previous FL and RHEL3
 - patches verified to come from RHEL3

+PUBLISH RHL73,RHL9,FC1

3e0dcb3357d8a6ce734a96a266e8ab0c9d6054cd  gaim-1.2.1-0.73.1.legacy.src.rpm
b335015f69cb398dc71ea41e90f9fbfc4545e8a4  gaim-1.2.1-0.90.1.legacy.src.rpm
1e8305ad9bc8083c46a825878bf3c952914cc8e1  gaim-1.2.1-1.fc1.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCYT09GHbTkzxSL7QRAkfxAJ0VcBkIQxVxJr4ch2j/YUhEAynexACgxrPP
FOrv2qyu3dk6DFaGxmsl2Oc=
=QrDZ
-----END PGP SIGNATURE-----


Comment 5 Warren Togami 2005-04-29 05:37:40 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dude just rebuild my gaim packages with the right switches at the top set,
and push it into updates.  It'll work.

(Thursday, April 28th, 2005 <--- so this message cannot be replayed)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCccfsa93+jlSirPERAj12AJkB+kFblBcXzZUqEpU2ekysIf7nzACeLznZ
KhBvnszdQ06iU+pfq8glYg8=
=YPQQ
-----END PGP SIGNATURE-----


Comment 6 Marc Deslauriers 2005-05-02 12:04:42 UTC
Packages were pushed to updates-testing

Comment 7 mschout 2005-05-10 21:16:31 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

7.3 Verify:

sha1:
70712d44b9190d1ee829674e646453fc22fadf55  gaim-1.2.1-0.73.2.legacy.i386.rpm

signatures:
gaim-1.2.1-0.73.2.legacy.i386.rpm: md5 gpg OK

Packages update without any errors or warnings.

After update, I did a jabber and an AIM conversation.
Everything seems to be working as expected.

+VERIFY RHL7.3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQFCgSSb+CqvSzp9LOwRAguFAKCAFWez6plUBE2tYgB1iDFz9fHJYgCfRHFw
Q0yv/AL35/RPJA4Of+umDf0=
=+36Z
-----END PGP SIGNATURE-----

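The QA replies in this thread carry their evidence as SHA-1 manifests inside PGP-clearsigned messages (the "HASH  path/gaim-...rpm" lines), and the +VERIFY step above re-checks the hash and the RPM signature before anything goes out. The following is an added example written for this page, not Fedora Legacy's own tooling: it extracts the signed body of a clearsigned message (undoing the "- -" dash-escaping that RFC 4880 applies to lines starting with "-", visible in the changelog entries above), parses the hash lines, and compares them against package bytes. The message and the package payloads are constructed stand-ins; real use would first run gpg --verify on the message and then feed the actual .rpm files in.

```python
"""Verify the SHA-1 manifest carried inside a PGP-clearsigned QA message.

Added example for this bug thread, not Fedora Legacy code. SAMPLE_MESSAGE and
SAMPLE_FILES are constructed stand-ins; the digests in the sample manifest are
computed from those stand-ins at import time.
"""
import hashlib
import re
from typing import Dict

_HASH_LINE = re.compile(r"^([0-9a-f]{40})\s+(\S+)$")


def clearsigned_body(text: str) -> str:
    """Return the signed text of an RFC 4880 clearsigned message.

    Only the part between the armor headers ("Hash: SHA1") and the
    "-----BEGIN PGP SIGNATURE-----" line is covered by the signature, so
    nothing outside it is returned. Dash-escaping is undone. Raises
    ValueError when the armor is missing: an unsigned manifest must not
    be trusted at all.
    """
    lines = text.splitlines()
    try:
        start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
        end = lines.index("-----BEGIN PGP SIGNATURE-----", start)
    except ValueError:
        raise ValueError("not a clearsigned message")
    body = lines[start + 1:end]
    # Armor headers run up to the first empty line; skip them.
    if "" in body:
        body = body[body.index("") + 1:]
    # RFC 4880 7.1: a signed line beginning with '-' is sent as "- -...".
    return "\n".join(l[2:] if l.startswith("- ") else l for l in body)


def parse_manifest(signed_body: str) -> Dict[str, str]:
    """Map package basename (as used in the QA replies) to its SHA-1 hex digest."""
    manifest: Dict[str, str] = {}
    for line in signed_body.splitlines():
        m = _HASH_LINE.match(line.strip())
        if m:
            digest, path = m.groups()
            manifest[path.rsplit("/", 1)[-1]] = digest
    return manifest


def verify_packages(manifest: Dict[str, str], files: Dict[str, bytes]) -> Dict[str, str]:
    """Compare each listed package's bytes with the manifest: 'ok', 'MISMATCH' or 'MISSING'."""
    results: Dict[str, str] = {}
    for name, expected in manifest.items():
        data = files.get(name)
        if data is None:
            results[name] = "MISSING"
        elif hashlib.sha1(data).hexdigest() == expected:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results


def _sha1(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


# Constructed stand-ins for the packages; a real check reads the .rpm files.
SAMPLE_FILES: Dict[str, bytes] = {
    "gaim-1.2.1-0.73.1.legacy.src.rpm": b"constructed rpm payload A",
    "gaim-1.2.1-0.90.1.legacy.src.rpm": b"constructed rpm payload B",
}

# Constructed message in the shape of the QA replies in this thread. The
# signature block is a placeholder, not a real signature: verify the real
# message with gpg before trusting its manifest; this code checks hashes only.
SAMPLE_MESSAGE = f"""-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated gaim packages to QA:

- - Updated to 1.2.1 to fix security issues

{_sha1(SAMPLE_FILES['gaim-1.2.1-0.73.1.legacy.src.rpm'])}  7.3/gaim-1.2.1-0.73.1.legacy.src.rpm
{_sha1(SAMPLE_FILES['gaim-1.2.1-0.90.1.legacy.src.rpm'])}  9/gaim-1.2.1-0.90.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
(placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""


def check_sample() -> Dict[str, str]:
    """Run the whole chain on the constructed message and payloads."""
    body = clearsigned_body(SAMPLE_MESSAGE)
    return verify_packages(parse_manifest(body), SAMPLE_FILES)


if __name__ == "__main__":
    for name, status in check_sample().items():
        print(f"{status:8s} {name}")
```

The hash check only tells you the file you downloaded is the one the QA reply vouched for; it says nothing about who wrote the reply, which is why the signature must be verified first, and nothing about the RPM's own embedded signature, which is what the "md5 gpg OK" line from rpm -K in the +VERIFY reply covers. Both checks are needed before a push.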

Comment 8 John Dalbec 2005-05-13 20:57:54 UTC
05.19.22 CVE: CAN-2005-1261
Platform: Cross Platform
Title: Gaim Remote URI Handling Buffer Overflow
Description: Gaim is an instant messaging client that supports
numerous protocols. It is reported to be vulnerable to a remote buffer
overflow issue due to improper handling of long URIs. Gaim versions
1.2.1 and earlier are reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/13590 

05.19.23 CVE: CAN-2005-1262
Platform: Cross Platform
Title: Gaim Remote MSN protocol Denial Of Service
Description: Gaim is an instant messaging client. It is vulnerable to
a denial of service issue in its MSN protocol handling code when it
receives an empty SLP message. Gaim versions 1.3.0 and earlier are
reported to be vulnerable.
Ref: http://rhn.redhat.com/errata/RHSA-2005-429.html 

Comment 9 Pekka Savola 2005-06-05 09:05:49 UTC
Note: #158543 supersedes this, please QA it (instead).

Comment 10 Pekka Savola 2005-06-16 12:40:47 UTC
Unless superseded, timeout in 4 weeks.

Comment 11 Pekka Savola 2005-07-15 05:42:48 UTC
Timeout over.

Comment 12 Marc Deslauriers 2005-07-15 22:16:18 UTC
These aren't even in updates-testing anymore.
I'm not going to release them.

We need QA for #158543 instead.

*** This bug has been marked as a duplicate of 158543 ***

