Two HTML parsing bugs were discovered in Gaim. It is possible that a remote attacker could send a specially crafted message to a Gaim client, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0208 and CAN-2005-0473 to these issues.

A bug in the way Gaim processes SNAC packets was discovered. It is possible that a remote attacker could send a specially crafted SNAC packet to a Gaim client, causing the client to stop responding. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0472 to this issue.

https://rhn.redhat.com/errata/RHSA-2005-215.html

------- Additional Comments From marcdeslauriers 2005-03-10 18:14:16 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated gaim packages to QA:

Changelog 7.3:
* Thu Mar 10 2005 Marc Deslauriers <marcdeslauriers> 1.1.4-0.73.1.legacy
- - Updated to 1.1.4 to fix security issues
- - Added CVS backport patches from RHEL

Changelog 9:
* Thu Mar 10 2005 Marc Deslauriers <marcdeslauriers> 1:1.1.4-0.90.1.legacy
- - Rebuilt as Fedora Legacy rh9 security update
- - Added mozilla-nspr-devel and mozilla-nss BuildRequires
- - Reverted to rh9-style desktop file
- - Disabled PIE patch
* Mon Mar 07 2005 Warren Togami <wtogami> 1:1.1.4-1.EL3.1
- - RHEL3

Changelog fc1:
* Thu Mar 10 2005 Marc Deslauriers <marcdeslauriers> 1:1.1.4-1.FC1.1.legacy
- - Rebuilt as Fedora Legacy FC1 security update
* Mon Mar 07 2005 Warren Togami <wtogami> 1:1.1.4-1.EL3.1
- - RHEL3

15309331e1032757cbf9ef6accafa9469097b204 7.3/gaim-1.1.4-0.73.1.legacy.i386.rpm
627859eb624e8c9b76b70cd4405b8fd4ac676cde 7.3/gaim-1.1.4-0.73.1.legacy.src.rpm
d4e88861a7daabaacafa134bb41a1555f0b73c82 9/gaim-1.1.4-0.90.1.legacy.i386.rpm
036a6ed3976f47e77fbb6585246547367da08cfd 9/gaim-1.1.4-0.90.1.legacy.src.rpm
5db7c62375cf32712770d93772a81914c0c13da7 1/gaim-1.1.4-1.FC1.1.legacy.i386.rpm
6a1bef63f68e7651830b5add3e07df5235d64457 1/gaim-1.1.4-1.FC1.1.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/gaim-1.1.4-0.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/gaim-1.1.4-0.73.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gaim-1.1.4-0.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gaim-1.1.4-0.90.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/gaim-1.1.4-1.FC1.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/gaim-1.1.4-1.FC1.1.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCMRsMLMAs/0C4zNoRAlznAJ4srI3SU6VSetqwEPA0M2OfNTi1rwCguHMq
sP/GMz+lNowN0X8QcryzOCU=
=/EQt
-----END PGP SIGNATURE-----

------- Additional Comments From pekkas 2005-03-18 06:16:26 ----

Hmm.. I guess gaim is one of those packages which is worth updating instead of backporting. Will QA..

------- Additional Comments From pekkas 2005-03-18 09:11:35 ----

I looked at this a bit. It's very difficult to do QA for RHL9/FC1, because there have been so many changes in the spec file :-/. Did you consider doing the same as with RHL73, just upgrading to the latest and adding the patches, but keeping the spec file changes to a minimum?

------- Additional Comments From marcdeslauriers 2005-03-18 13:35:56 ----

Yeah, I considered it, but rh73 is easier to upgrade the version as it uses the default gaim configuration, whereas rh9 and fc1 use a custom config that needs to be changed every time. For rh9 and fc1, it's easier to follow the rhel package.

------- Additional Comments From pekkas 2005-03-18 22:49:41 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA w/ rpm-build-compare.sh:
- source file integrity OK
- patches verified
- checked RHL9 and FC1 binaries w/ rpm-build-compare
- spec file changes look cursorily OK; I don't use gaim, however.

A few notes:
- - In RHL9, there were some changes in gaim-fedora-prefs.xml, e.g., removing a section with jabber. Was this intentional? (I have no idea whether this matters or not, because I don't use gaim..)
- - gaim 1.0.2 which we shipped for RHL9 included the following Requires which are now missing: libcrypt.so.1, libgnome, libutil.so.1, mozilla-nss. perl.so is no longer provided either. This smells like trouble, especially the lack of libcrypt.

I could give all of these a PUBLISH, but I'd hope someone who actually uses gaim would double-check the above two issues first.

(+PUBLISH RHL73,RHL9,FC1)

627859eb624e8c9b76b70cd4405b8fd4ac676cde gaim-1.1.4-0.73.1.legacy.src.rpm
036a6ed3976f47e77fbb6585246547367da08cfd gaim-1.1.4-0.90.1.legacy.src.rpm
6a1bef63f68e7651830b5add3e07df5235d64457 gaim-1.1.4-1.FC1.1.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCO+eSGHbTkzxSL7QRAv6zAKCPNVXj98eDiMakD93OuwNgxlLO8QCfT6u/
VQ/TGefy8COpvzvGCTGlJS8=
=gUNd
-----END PGP SIGNATURE-----

------- Bug moved to this database by dkl 2005-03-30 18:31 -------

This bug previously known as bug 2447 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2447
Originally filed under the Fedora Legacy product and Package request component.
Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.
Three more problems:

A buffer overflow bug was found in the way gaim escapes HTML. It is possible that a remote attacker could send a specially crafted message to a Gaim client, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0965 to this issue.

A bug was found in several of gaim's IRC processing functions. These functions fail to properly remove various markup tags within an IRC message. It is possible that a remote attacker could send a specially crafted message to a Gaim client connected to an IRC server, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0966 to this issue.

A bug was found in gaim's Jabber message parser. It is possible for a remote Jabber user to send a specially crafted message to a Gaim client, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0967 to this issue.

https://rhn.redhat.com/errata/RHSA-2005-365.html
The jabber section removed from the xml file doesn't matter, it was default settings. libcrypt.so.1, libgnome, libutil.so.1, mozilla-nss and perl.so being missing is a side-effect of not including the perl plugin anymore. The perl plugin doesn't work anymore with the version of perl included in rh9.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated gaim packages to QA:

db9890ac5ebc8332142acaf15e40458737f09e33 7.3/gaim-1.2.1-0.73.1.legacy.i386.rpm
3e0dcb3357d8a6ce734a96a266e8ab0c9d6054cd 7.3/gaim-1.2.1-0.73.1.legacy.src.rpm
054c3fc689b96d40e137fcecf5685bcf358dcbd5 9/gaim-1.2.1-0.90.1.legacy.i386.rpm
b335015f69cb398dc71ea41e90f9fbfc4545e8a4 9/gaim-1.2.1-0.90.1.legacy.src.rpm
f8fd03f350558a6e5b091110fc7d8f40bff50214 1/gaim-1.2.1-1.fc1.1.legacy.i386.rpm
1e8305ad9bc8083c46a825878bf3c952914cc8e1 1/gaim-1.2.1-1.fc1.1.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/gaim-1.2.1-0.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/gaim-1.2.1-0.73.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gaim-1.2.1-0.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gaim-1.2.1-0.90.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/gaim-1.2.1-1.fc1.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/gaim-1.2.1-1.fc1.1.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCYSOjLMAs/0C4zNoRAqHcAJ4gVtCd7l0uvKFB6xLWnco23185fACdHZha
eLNYo4fkUbC6LhQ9qPwSEdA=
=WCkI
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA w/ rpm-build-compare.sh:
- source integrity good
- RHL73 spec file compares to the previous FL package OK; RHL9 matches RHEL3; FC1 is pretty close to both previous FL and RHEL3
- patches verified to come from RHEL3

+PUBLISH RHL73,RHL9,FC1

3e0dcb3357d8a6ce734a96a266e8ab0c9d6054cd gaim-1.2.1-0.73.1.legacy.src.rpm
b335015f69cb398dc71ea41e90f9fbfc4545e8a4 gaim-1.2.1-0.90.1.legacy.src.rpm
1e8305ad9bc8083c46a825878bf3c952914cc8e1 gaim-1.2.1-1.fc1.1.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCYT09GHbTkzxSL7QRAkfxAJ0VcBkIQxVxJr4ch2j/YUhEAynexACgxrPP
FOrv2qyu3dk6DFaGxmsl2Oc=
=QrDZ
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dude just rebuild my gaim packages with the right switches at the top set, and push it into updates. It'll work.

(Thursday, April 28th, 2005 <--- so this message cannot be replayed)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCccfsa93+jlSirPERAj12AJkB+kFblBcXzZUqEpU2ekysIf7nzACeLznZ
KhBvnszdQ06iU+pfq8glYg8=
=YPQQ
-----END PGP SIGNATURE-----
Packages were pushed to updates-testing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

7.3 Verify:

sha1: 70712d44b9190d1ee829674e646453fc22fadf55 gaim-1.2.1-0.73.2.legacy.i386.rpm

signatures:
gaim-1.2.1-0.73.2.legacy.i386.rpm: md5 gpg OK

Packages update without any errors or warnings. After update, I did a jabber and an AIM conversation. Everything seems to be working as expected.

+VERIFY RHL7.3

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQFCgSSb+CqvSzp9LOwRAguFAKCAFWez6plUBE2tYgB1iDFz9fHJYgCfRHFw
Q0yv/AL35/RPJA4Of+umDf0=
=+36Z
-----END PGP SIGNATURE-----
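The QA and verify posts in this thread each pair a package file with its SHA-1 digest, and the verifier's first step is to confirm the downloaded RPMs match those digests before testing anything. The following is an added example, not code from the thread or from Fedora Legacy: it parses "sha1 path" lines out of a pasted post (ignoring PGP headers and prose), hashes each file under a package directory, and reports OK, MISMATCH or MISSING per file. The file names and contents used in its self-test are constructed for illustration.

```python
"""Verify package files against "sha1 path" lines from a signed QA post.

Added example (not part of the Fedora Legacy bug thread): checks a directory
of downloaded RPMs against the digest list a QA comment carries.
"""
import hashlib
import re
import sys
from pathlib import Path

# One manifest entry: 40 hex digits, whitespace, then a path with no spaces.
_LINE_RE = re.compile(r"^([0-9a-fA-F]{40})\s+(\S+)$")


def parse_manifest(text):
    """Return a list of (sha1_hex, relative_path) tuples found in text.

    Lines that do not look like "sha1 path" (PGP armour, changelog lines,
    prose) are skipped, so a whole signed post can be pasted in unchanged.
    """
    entries = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1).lower(), m.group(2)))
    return entries


def sha1_of_file(path):
    """Hash a file in 64 KiB chunks so large RPMs need not fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_files(entries, base_dir):
    """Compare every listed file under base_dir with its expected digest.

    Returns a dict mapping relative path -> "OK", "MISMATCH" or "MISSING".
    A missing file is reported rather than silently passed, because a
    manifest entry with no file behind it is itself a QA failure.
    """
    results = {}
    base = Path(base_dir)
    for expected, rel in entries:
        target = base / rel
        if not target.is_file():
            results[rel] = "MISSING"
        elif sha1_of_file(target) == expected:
            results[rel] = "OK"
        else:
            results[rel] = "MISMATCH"
    return results


def all_ok(results):
    """True only when the manifest was non-empty and every file matched."""
    return bool(results) and all(v == "OK" for v in results.values())


if __name__ == "__main__":
    # Usage: python verify_manifest.py <pasted-post.txt> <package-dir>
    manifest_text = Path(sys.argv[1]).read_text()
    res = verify_files(parse_manifest(manifest_text), sys.argv[2])
    for name, status in sorted(res.items()):
        print(f"{status:8} {name}")
    sys.exit(0 if all_ok(res) else 1)
```

The digest check only confirms that what was downloaded is what the poster hashed; it does not replace verifying the PGP signature on the post itself, which is what ties the digests to the person who built the packages.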
05.19.22 CVE: CAN-2005-1261
Platform: Cross Platform
Title: Gaim Remote URI Handling Buffer Overflow
Description: Gaim is an instant messaging client that supports numerous protocols. It is reported to be vulnerable to a remote buffer overflow issue due to improper handling of long URIs. Gaim versions 1.2.1 and earlier are reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/13590

05.19.23 CVE: CAN-2005-1262
Platform: Cross Platform
Title: Gaim Remote MSN protocol Denial Of Service
Description: Gaim is an instant messaging client. It is vulnerable to a denial of service issue in its MSN protocol handling code when it receives an empty SLP message. Gaim versions 1.3.0 and earlier are reported to be vulnerable.
Ref: http://rhn.redhat.com/errata/RHSA-2005-429.html
Note: #158543 supersedes this, please QA it (instead).
Unless superseded, timeout in 4 weeks.
Timeout over.
These aren't even in updates-testing anymore. I'm not going to release them. We need QA for #158543 instead. *** This bug has been marked as a duplicate of 158543 ***