Yellow Dog Linux Security Advisory: YDU-20020810-4

Dan Burcaw yellowdog-updates@lists.terrasoftsolutions.com
Sat, 10 Aug 2002 01:17:05 -0600 (MDT) 

Yellow Dog Linux Security Announcement
--------------------------------------

Package:	gaim
Issue Date: 	August 10, 2002	
Priority:	medium	
Advisory ID: 	YDU-20020810-4


1. 	Topic:

	Updated gaim packages are available.


2. 	Problem:

	"Updated gaim packages are now available for [Yellow Dog Linux 2.2 and
	2.3]. These updates fix a buffer overflow in the Jabber plug-in module.

	Gaim is an instant messaging client based on the published TOC protocol
	from AOL. Versions of gaim prior to 0.58 contain a buffer overflow in the
	Jabber plug-in module.

	Users of gaim should update to these errata packages containing gaim
	0.59 which is not vulnerable to this issue."
	(from Red Hat Advisory)

3. 	Solution:

   	a) Updating via apt...
   	We suggest that you use the apt-get program to keep your
   	system up-to-date. The following command(s) will retrieve
   	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install gaim

   	b) Updating manually...
	Download the updates below for your version of Yellow Dog Linux
	and then run the following rpm command.
   	(Please use a mirror site)

		rpm -Fvh [filenames]

		Yellow Dog Linux 2.3
			  ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
				ppc/gaim-0.59-0.2.3a.ppc.rpm

		Yellow Dog Linux 2.2
			  ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/
				ppc/gaim-0.59-0.2.2a.ppc.rpm
			  	

4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
[Yellow Dog Linux 2.3]
eb208c74bcd3b5b358d963b6fc32174  ppc/gaim-0.59-0.2.3a.ppc.rpm
024dc45f18a79f45e8523786000597af  SRPMS/gaim-0.59-0.2.3a.src.rpm

[Yellow Dog Linux 2.2]
26b430d236c2cd66a1b296e2b62b6310  ppc/gaim-0.59-0.2.2a.ppc.rpm
c188affe06c71ab1bf0e53ecb2c106d4  SRPMS/gaim-0.59-0.2.2a.src.rpm

I wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml