=====================================================================
                                  CERT-Renater

                       Note d'Information No. 2005/VULN385
_____________________________________________________________________

DATE                      : 16/05/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running gaim.

======================================================================

  _______________________________________________________________________

                 Mandriva Linux Security Update Advisory
  _______________________________________________________________________

  Package name:           gaim
  Advisory ID:            MDKSA-2005:099
  Date:                   June 14th, 2005

  Affected versions:	 10.1, 10.2, Corporate 3.0
  ______________________________________________________________________

  Problem Description:

  More vulnerabilities have been discovered in the gaim IM client.  The
  first is a remote crash with the Yahoo! protocol (CAN-2005-1269) and
  the second is a remote DoS in the MSN protocol (CAN-2005-1934).

  These problems have been corrected in gaim 1.3.1 which is provided with
  this update.
  _______________________________________________________________________

  References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1269
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1934
  ______________________________________________________________________

  Updated Packages:

  Mandrakelinux 10.1:
  6e4fcf0213cb1239d68dd516527e8243  10.1/RPMS/gaim-1.3.1-0.1.101mdk.i586.rpm
  267ef252ba9947e9b64bde9dddebe21e  10.1/RPMS/gaim-devel-1.3.1-0.1.101mdk.i586.rpm
  31e933f06152ce1c6fa9057f1ead1364  10.1/RPMS/gaim-gevolution-1.3.1-0.1.101mdk.i586.rpm
  e49e26277de52b0a2e4abbf3bceb2742  10.1/RPMS/gaim-perl-1.3.1-0.1.101mdk.i586.rpm
  9c8065be22410ada3a470d95a844d881  10.1/RPMS/gaim-tcl-1.3.1-0.1.101mdk.i586.rpm
  9aa758d669e32efdd1f0584f77f9f55d  10.1/RPMS/libgaim-remote0-1.3.1-0.1.101mdk.i586.rpm
  66f4c7bcee4faf74c2ba012cd7ba289f  10.1/RPMS/libgaim-remote0-devel-1.3.1-0.1.101mdk.i586.rpm
  7fc91e876195bb1257ff5b428e306fdf  10.1/SRPMS/gaim-1.3.1-0.1.101mdk.src.rpm

  Mandrakelinux 10.1/X86_64:
  9876d97be01fe46772f8f80ce28f5ccf  x86_64/10.1/RPMS/gaim-1.3.1-0.1.101mdk.x86_64.rpm
  49750a6aa86e6e09dc16f2317f7e0062  x86_64/10.1/RPMS/gaim-devel-1.3.1-0.1.101mdk.x86_64.rpm
  3ba1aaa598b1a90d2d7dfea3bd744d9e  x86_64/10.1/RPMS/gaim-gevolution-1.3.1-0.1.101mdk.x86_64.rpm
  cb7ef50532ea094e4cf0ebe707931740  x86_64/10.1/RPMS/gaim-perl-1.3.1-0.1.101mdk.x86_64.rpm
  2110f664d1c4e4c3dfcf84c3696b60d3  x86_64/10.1/RPMS/gaim-tcl-1.3.1-0.1.101mdk.x86_64.rpm
  178bd8ac319f10604b8327790743526f  x86_64/10.1/RPMS/lib64gaim-remote0-1.3.1-0.1.101mdk.x86_64.rpm
  db568bc151eb0b6211344c7608dd6099  x86_64/10.1/RPMS/lib64gaim-remote0-devel-1.3.1-0.1.101mdk.x86_64.rpm
  7fc91e876195bb1257ff5b428e306fdf  x86_64/10.1/SRPMS/gaim-1.3.1-0.1.101mdk.src.rpm

  Mandrakelinux 10.2:
  72bed53f4a863d4bb3e7515d7a30adef  10.2/RPMS/gaim-1.3.1-0.1.102mdk.i586.rpm
  9a5ee47f3921ea57a6d3385c60379186  10.2/RPMS/gaim-devel-1.3.1-0.1.102mdk.i586.rpm
  66ba156f6e65011761ddfca073e6dc94  10.2/RPMS/gaim-gevolution-1.3.1-0.1.102mdk.i586.rpm
  1426070274bafd55bdc3eadea2ebfa3a  10.2/RPMS/gaim-perl-1.3.1-0.1.102mdk.i586.rpm
  3b77402203fa59aa449b046a7c58749d  10.2/RPMS/gaim-silc-1.3.1-0.1.102mdk.i586.rpm
  1115565b2f2ba8505c9012ef472b35b8  10.2/RPMS/gaim-tcl-1.3.1-0.1.102mdk.i586.rpm
  af6689ae3b55c35dbd2823b2a7474016  10.2/RPMS/libgaim-remote0-1.3.1-0.1.102mdk.i586.rpm
  5d9bb26bca7d190dfa4f138621a85edf  10.2/RPMS/libgaim-remote0-devel-1.3.1-0.1.102mdk.i586.rpm
  9f397d2a338771fdf24f9d37ce55fd85  10.2/SRPMS/gaim-1.3.1-0.1.102mdk.src.rpm

  Mandrakelinux 10.2/X86_64:
  4189d6699c1a05c97b170e81d549f8ea  x86_64/10.2/RPMS/gaim-1.3.1-0.1.102mdk.x86_64.rpm
  0a235252f3509b3c3dc15d71482f39b0  x86_64/10.2/RPMS/gaim-devel-1.3.1-0.1.102mdk.x86_64.rpm
  4ed3e16d23379d1a87474d4712671357  x86_64/10.2/RPMS/gaim-gevolution-1.3.1-0.1.102mdk.x86_64.rpm
  0d604302e4abd887e5bf4b46d4ab19d1  x86_64/10.2/RPMS/gaim-perl-1.3.1-0.1.102mdk.x86_64.rpm
  d115b6f98c2c93658810ed35aa54e108  x86_64/10.2/RPMS/gaim-silc-1.3.1-0.1.102mdk.x86_64.rpm
  88ad11a13f42cc093728061437c7de86  x86_64/10.2/RPMS/gaim-tcl-1.3.1-0.1.102mdk.x86_64.rpm
  21e357632a07cc8e8fbcf280384d3642  x86_64/10.2/RPMS/lib64gaim-remote0-1.3.1-0.1.102mdk.x86_64.rpm
  f0971fdfda8337897dfbfb9e0ee04fdb  x86_64/10.2/RPMS/lib64gaim-remote0-devel-1.3.1-0.1.102mdk.x86_64.rpm
  9f397d2a338771fdf24f9d37ce55fd85  x86_64/10.2/SRPMS/gaim-1.3.1-0.1.102mdk.src.rpm

  Corporate 3.0:
  ad4c433c3a75e8b4b24eb0a66caca44f  corporate/3.0/RPMS/gaim-1.3.1-0.1.C30mdk.i586.rpm
  8e279142cc357b43a8c58a3c73ac9b5e  corporate/3.0/RPMS/gaim-devel-1.3.1-0.1.C30mdk.i586.rpm
  661dea400ea206801c3a4434154405b7  corporate/3.0/RPMS/gaim-perl-1.3.1-0.1.C30mdk.i586.rpm
  93090aa5d4a50e578824af9f3a5d4995  corporate/3.0/RPMS/gaim-tcl-1.3.1-0.1.C30mdk.i586.rpm
  9fff14e865ab7667b6a03c7bb406f32b  corporate/3.0/RPMS/libgaim-remote0-1.3.1-0.1.C30mdk.i586.rpm
  067375646e00fb20ab7a2c9b2e48a951  corporate/3.0/RPMS/libgaim-remote0-devel-1.3.1-0.1.C30mdk.i586.rpm
  92a5283dc08a218a563df01b1c6dbe4a  corporate/3.0/SRPMS/gaim-1.3.1-0.1.C30mdk.src.rpm

  Corporate 3.0/X86_64:
  bf58aaf15a384a62ccdeeac89316e0b9  x86_64/corporate/3.0/RPMS/gaim-1.3.1-0.1.C30mdk.x86_64.rpm
  6539c1d78d9c17c05d33c44036adc1fe  x86_64/corporate/3.0/RPMS/gaim-devel-1.3.1-0.1.C30mdk.x86_64.rpm
  fa92889caa8ce98b40598f0a5e8d12e9  x86_64/corporate/3.0/RPMS/gaim-perl-1.3.1-0.1.C30mdk.x86_64.rpm
  0114367256677963d91e09bffe9bed2f  x86_64/corporate/3.0/RPMS/gaim-tcl-1.3.1-0.1.C30mdk.x86_64.rpm
  8d66f38ed47ae7e5dc093c2086f414de  x86_64/corporate/3.0/RPMS/lib64gaim-remote0-1.3.1-0.1.C30mdk.x86_64.rpm
  fd52dd04761c70fc9a34bd080f60fa9f  x86_64/corporate/3.0/RPMS/lib64gaim-remote0-devel-1.3.1-0.1.C30mdk.x86_64.rpm
  92a5283dc08a218a563df01b1c6dbe4a  x86_64/corporate/3.0/SRPMS/gaim-1.3.1-0.1.C30mdk.src.rpm
  _______________________________________________________________________

  To upgrade automatically use MandrakeUpdate or urpmi.  The verification
  of md5 checksums and GPG signatures is performed automatically for you.

  All packages are signed by Mandriva for security.  You can obtain the
  GPG public key of the Mandriva Security Team by executing:

   gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

  You can view other update advisories for Mandriva Linux at:

   http://www.mandriva.com/security/advisories

  If you want to report vulnerabilities, please contact

   security_(at)_mandriva.com
  _______________________________________________________________________

  Type Bits/KeyID     Date       User ID
  pub  1024D/22458A98 2000-07-10 Mandriva Security Team
   <security*mandriva.com>

======================================================================

         =========================================================
         Les serveurs de référence du CERT-Renater
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================