View Full Version : USN-675-2: Gaim vulnerability

November 24th, 2008, 06:50 PM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-675-2 November 24, 2008 gaim vulnerability CVE-2008-2927 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: gaim 1:1.5.0+1.5.1cvs20051015-1ubuntu10.1 After a standard system upgrade you need to restart Gaim to effect the necessary changes. Details follow: It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2008-2927)

More... (http://www.ubuntu.com/usn/USN-675-2)