|
Family: Ubuntu Local Security Checks --> Category: infos
USN106-1 : gaim vulnerabilities Vulnerability Scan
Vulnerability Scan Summary gaim vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote package "gaim" is missing a security patch.
Description :
Jean-Yves Lefort discovered a buffer overflow in the
gaim_markup_strip_html() function. This caused Gaim to crash when
receiving certain malformed HTML messages. (CVE-2005-0965)
Jean-Yves Lefort also noticed that many functions that handle IRC
commands do not escape received HTML metacharacters
this allowed
remote attackers to cause a Denial of Service by injecting arbitrary
HTML code into the conversation window, popping up arbitrarily many
empty dialog boxes, or even causing Gaim to crash. (CVE-2005-0966)
Solution :
Upgrade to :
- gaim-1.0.0-1ubuntu1.3 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|