Gaim: Denial of Service issues

Gaim: Denial of Service issues Gaim contains multiple vulnerabilities that can lead to a Denial of Service. Gaim 2005-04-06 2005-04-06 87903 remote 1.2.1 1.2.1

Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols.

Multiple vulnerabilities have been addressed in the latest release of Gaim:

A buffer overread in the gaim_markup_strip_html() function, which is used when logging conversations (CAN-2005-0965).
Markup tags are improperly escaped using Gaim's IRC plugin (CAN-2005-0966).
Sending a specially crafted file transfer request to a Gaim Jabber user can trigger a crash (CAN-2005-0967).

An attacker could possibly cause a Denial of Service by exploiting any of these vulnerabilities.

There is no known workaround at this time.

All Gaim users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/gaim-1.2.1"

CAN-2005-0967 CAN-2005-0966 CAN-2005-0965 Gaim Vulnerability Index koon lewk lewk