95347 – net-im/gaim: Multiple DoS (CAN-2005-1269 and -1934)

Bug 95347 - net-im/gaim: Multiple DoS (CAN-2005-1269 and -1934)

Summary: net-im/gaim: Multiple DoS (CAN-2005-1269 and -1934)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Other

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://gaim.sourceforge.net/security/
Whiteboard:	A3 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2005-06-07 07:40 UTC by Thierry Carrez (RETIRED)
Modified:	2005-07-07 23:55 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-06-07 07:40:50 UTC

Gaim plans on releasing 1.3.1 on Thursday to fix a Yahoo DoS.

It is possible to crash gaim by sending a file transfer of a file with a
file name with some character sets.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-06-07 07:44:11 UTC

Patch @
http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/protocols/yahoo/yahoo_filexfer.c?r1=1.13.2.9&r2=1.13.2.10&diff_format=u

rizzo: please don't commit anything until the public release. Then it's your
call between applying the patch to the current one, or releasing a pure 1.3.1.

Comment 2 Don Seiler (RETIRED) gentoo-dev

2005-06-08 11:12:20 UTC

I'd rather just wait for 1.3.1.  It will be out tomorrow night.

Comment 3 Don Seiler (RETIRED) gentoo-dev

2005-06-08 11:13:14 UTC

An MSN DOS was also posted today to the gaim-packagers list which *should* be
fixed for 1.3.1 as well.

Comment 4 Don Seiler (RETIRED) gentoo-dev

2005-06-09 20:58:47 UTC

gaim-1.3.1 is now in portage, stable x86, unstable all others.

Comment 5 Thierry Carrez (RETIRED) gentoo-dev

2005-06-10 00:33:26 UTC

MSN Remote DoS (CAN-2005-1934)
Discovered By	Hugo de Bokkenrijder
Remote attackers can cause a denial of service (crash) via a malformed MSN
message that leads to a memory allocation of a large size, possibly due to an
integer signedness error.

Remote Yahoo! crash (CAN-2005-1269)
Discovered By	Jacopo Ottaviani
Remote denial of service when being offered files with names containing
non-ASCII characters.

Comment 6 Thierry Carrez (RETIRED) gentoo-dev

2005-06-10 00:34:48 UTC

Target KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"
Arches, please test and mark stable

Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev

2005-06-10 06:00:42 UTC

sparc stable.

Comment 8 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2005-06-10 12:10:19 UTC

Stable on ppc.

Comment 9 Simon Stelling (RETIRED) gentoo-dev

2005-06-10 13:11:25 UTC

stable on amd64

Comment 10 Aron Griffis (RETIRED) gentoo-dev

2005-06-10 13:32:54 UTC

stable on alpha ia64

Comment 11 SpanKY gentoo-dev

2005-06-10 23:46:09 UTC

arm stable

Comment 12 Markus Rothe (RETIRED) gentoo-dev

2005-06-11 03:13:37 UTC

stable on ppc64

Comment 13 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2005-06-12 04:16:30 UTC

Stable on hppa.

Comment 14 Thierry Carrez (RETIRED) gentoo-dev

2005-06-12 07:11:20 UTC

GLSA 200506-11
mips: remember to mark stable to benefir from GLSA

Comment 15 Hardave Riar (RETIRED) gentoo-dev

2005-07-07 23:55:14 UTC

Stable on mips.