Bug 153319 - CAN-2005-0472 Gaim DoS
CAN-2005-0472 Gaim DoS
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: gaim (Show other bugs)
2.1
All Linux
medium Severity high
: ---
: ---
Assigned To: Warren Togami
impact=important,public=20050217,sour...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-04-04 15:17 EDT by Josh Bressers
Modified: 2007-11-30 17:06 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-05-11 04:24:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2005-04-04 15:17:09 EDT
We initially thought CAN-2005-0472 didn't affect RHEL2.1.  It however does.

http://gaim.sourceforge.net/security/index.php?id=10
Comment 1 Warren Togami 2005-04-08 02:04:20 EDT
While looking at the package, I discovered that Patch0: gaim-0.59.1-args.patch
was not being applied by accident.  It prevents an overflow into the command,
but it doesn't look like it had security implications.  Not sure.  Upstream has
it here:

http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/Attic/browser.c  Revision
1.23.2.3 "Thanks Chris Blizzard.  I think that maybe in the future we'll make
Gaim not have any bugs."

http://devserv.devel.redhat.com/~wtogami/Changelog-0.59.9
It appears that upstream made several more 0.59.x maintenance releases after the
0.59.1 that we ship.  The same spec that I checked into CVS works with 0.59.9
after removing patch0 which was included in 0.59.2.  Should we ship 0.59.9
instead of 0.59.1 in RHEL2.1?  You decide.  

I am unable to test these binaries locally.
Comment 2 Warren Togami 2005-04-09 01:23:55 EDT
gaim-0.59.9-1.el2 has been mkerrata'ed.  Let me know if you need anything else.
Comment 3 Warren Togami 2005-04-29 01:35:54 EDT
ping bressers
Comment 5 Mark J. Cox (Product Security) 2005-05-11 04:24:22 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-432.html

Note You need to log in before you can comment on or make changes to this bug.