2. There is an oscar remotely exploitable crash bug. A remote AIM or ICQ user would need to compile their own client and send a specially crafted IM (basically an IM containing lots of %s, and flag it as an away message). It results in a buffer overflow. A fix for this has not yet been committed to CVS, and the issue should be fairly unknown. The original discovery is here: http://sourceforge.net/tracker/index.php?func=detail&aid=1235427&group_id=235&atid=100235
This issue also affects RHEL3 and RHEL2.1.
Created attachment 117560: Proposed patch for this issue
Lifting embargo
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-627.html