VUPEN Security - Mandriva Security Update Fixes Gaim Integer Overflow Vulnerabilities / Exploit (Security Advisories)

	Contact \| Site en Français

VUPEN VNS v4.0

Features and Options

Free 14-Day Trial

Partner Program

Receive More Information

Latest Intelligence

VUPEN Security Advisories

Virus and Malware Alerts

VUPEN Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Mandriva Security Update Fixes Gaim Integer Overflow Vulnerabilities

Title : Mandriva Security Update Fixes Gaim Integer Overflow Vulnerabilities
VUPEN ID : VUPEN/ADV-2009-1482
CVE ID : CVE-2008-2927
CWE ID : VUPEN VNS Only

CVSS V2 : VUPEN VNS Only

Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2009-06-04

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Multiple vulnerabilities have been identified in Mandriva, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by errors in Gaim. For additional information, see : VUPEN/ADV-2008-2032

Affected Products

Mandriva Corporate 3.0

Solution

Upgrade the affected packages :

Corporate 3.0:
f33a114cbf007f28fd6e8198ca1ebca2 corporate/3.0/i586/gaim-1.5.0-0.2.C30mdk.i586.rpm
36237a65920d5ed005aa3a15a4cd3c56 corporate/3.0/i586/gaim-devel-1.5.0-0.2.C30mdk.i586.rpm
638615c071a4118e4ecbec232930308d corporate/3.0/i586/gaim-perl-1.5.0-0.2.C30mdk.i586.rpm
c4d0735b587705b70c1423b4a79d89ca corporate/3.0/i586/gaim-tcl-1.5.0-0.2.C30mdk.i586.rpm
7db03353a62b5de39906113c585c5fb4 corporate/3.0/i586/libgaim-remote0-1.5.0-0.2.C30mdk.i586.rpm
671616d112af90f9cffc359aa08c764f corporate/3.0/i586/libgaim-remote0-devel-1.5.0-0.2.C30mdk.i586.rpm
43d70b5e7e3dda956660cda4a88e9e8b corporate/3.0/SRPMS/gaim-1.5.0-0.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
1c01cd160fc75a94efec2aa945e36b35 corporate/3.0/x86_64/gaim-1.5.0-0.2.C30mdk.x86_64.rpm
8262c9b0566cd80792c0bdc937821125 corporate/3.0/x86_64/gaim-devel-1.5.0-0.2.C30mdk.x86_64.rpm
d3ca7daf40fcae4792f3e005e546a1f2 corporate/3.0/x86_64/gaim-perl-1.5.0-0.2.C30mdk.x86_64.rpm
23d7f53561346118cbf3aef045a325a5 corporate/3.0/x86_64/gaim-tcl-1.5.0-0.2.C30mdk.x86_64.rpm
d1f44f583038fe88d01afb1df936072f corporate/3.0/x86_64/lib64gaim-remote0-1.5.0-0.2.C30mdk.x86_64.rpm
fbb9ef34e9771a666717d6ea45246cf1 corporate/3.0/x86_64/lib64gaim-remote0-devel-1.5.0-0.2.C30mdk.x86_64.rpm
43d70b5e7e3dda956660cda4a88e9e8b corporate/3.0/SRPMS/gaim-1.5.0-0.2.C30mdk.src.rpm

References

http://www.vupen.com/english/advisories/2009/1482
http://lists.mandriva.com/security-announce/2009-06/msg00003.php

ChangeLog

2009-06-04 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

VUPEN Vulnerability
Notification Service

Latest Advisories

>> 2010-03-15

Domain Verkaus and Auktions Portal "id" SQL Injection Vulnerability

>> 2010-03-15

deV!Lz Clanportal "basePath" Parameter File Inclusion Vulnerability

>> 2010-03-15

PhpMyLogon "username" Parameter Remote SQL Injection Vulnerability

>> 2010-03-15

Azeno CMS "id" Parameter Remote SQL Injection Vulnerability

>> 2010-03-15

Geekhelps ADMP SQL Injection and Local File Inclusion Vulnerabilities

More Informations