Gaim version 0.82 has been released. This version addressed various security vulnerabilities. The following specific issues have been disclosed by the vendor:

- Gaim is reported prone to a remote arbitrary command execution vulnerability during the installation of a smiley theme.
- The Gaim client is reported prone to a remote heap overflow vulnerability when processing data from a groupware server.
- A remote buffer overflow vulnerability exists in the URI parsing utility.
- A buffer overflow vulnerability arises when the application performs a DNS query to obtain a hostname when signing on to zephyr.
- Another buffer overflow presents itself when the application processes Rich Text Format (RTF) messages.
- A malicious server can trigger a buffer overflow vulnerability in Gaim by supplying an excessive value for the 'content-length' header.

These issues affect Gaim versions prior to 0.82. Some of these issues may have been reported previously. This BID will be updated and divided into individual BIDs as more information becomes available.