-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:127 http://www.mandriva.com/security/ _______________________________________________________________________ Package : gaim Date : June 3, 2009 Affected: Corporate 3.0 _______________________________________________________________________ Problem Description: It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2008-2927) _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2927 _______________________________________________________________________ Updated Packages: Corporate 3.0: f33a114cbf007f28fd6e8198ca1ebca2 corporate/3.0/i586/gaim-1.5.0-0.2.C30mdk.i586.rpm 36237a65920d5ed005aa3a15a4cd3c56 corporate/3.0/i586/gaim-devel-1.5.0-0.2.C30mdk.i586.rpm 638615c071a4118e4ecbec232930308d corporate/3.0/i586/gaim-perl-1.5.0-0.2.C30mdk.i586.rpm c4d0735b587705b70c1423b4a79d89ca corporate/3.0/i586/gaim-tcl-1.5.0-0.2.C30mdk.i586.rpm 7db03353a62b5de39906113c585c5fb4 corporate/3.0/i586/libgaim-remote0-1.5.0-0.2.C30mdk.i586.rpm 671616d112af90f9cffc359aa08c764f corporate/3.0/i586/libgaim-remote0-devel-1.5.0-0.2.C30mdk.i586.rpm 43d70b5e7e3dda956660cda4a88e9e8b corporate/3.0/SRPMS/gaim-1.5.0-0.2.C30mdk.src.rpm Corporate 3.0/X86_64: 1c01cd160fc75a94efec2aa945e36b35 corporate/3.0/x86_64/gaim-1.5.0-0.2.C30mdk.x86_64.rpm 8262c9b0566cd80792c0bdc937821125 corporate/3.0/x86_64/gaim-devel-1.5.0-0.2.C30mdk.x86_64.rpm d3ca7daf40fcae4792f3e005e546a1f2 corporate/3.0/x86_64/gaim-perl-1.5.0-0.2.C30mdk.x86_64.rpm 23d7f53561346118cbf3aef045a325a5 corporate/3.0/x86_64/gaim-tcl-1.5.0-0.2.C30mdk.x86_64.rpm d1f44f583038fe88d01afb1df936072f corporate/3.0/x86_64/lib64gaim-remote0-1.5.0-0.2.C30mdk.x86_64.rpm fbb9ef34e9771a666717d6ea45246cf1 corporate/3.0/x86_64/lib64gaim-remote0-devel-1.5.0-0.2.C30mdk.x86_64.rpm 43d70b5e7e3dda956660cda4a88e9e8b corporate/3.0/SRPMS/gaim-1.5.0-0.2.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKJniEmqjQ0CJFipgRAmmYAJ9Ws9bVrOxm9QaFSM7UmlpwR4qYSQCfeaER dMI/55ysmlo17nZXRkr0P2k= =NIbs -----END PGP SIGNATURE-----
