Yellow Dog Linux Security Advisory: YDU-20020810-4
Dan Burcaw
yellowdog-updates@lists.terrasoftsolutions.com
Sat, 10 Aug 2002 01:17:05 -0600 (MDT)
Yellow Dog Linux Security Announcement
--------------------------------------
Package: gaim
Issue Date: August 10, 2002
Priority: medium
Advisory ID: YDU-20020810-4
1. Topic:
Updated gaim packages are available.
2. Problem:
"Updated gaim packages are now available for [Yellow Dog Linux 2.2 and
2.3]. These updates fix a buffer overflow in the Jabber plug-in module.
Gaim is an instant messaging client based on the published TOC protocol
from AOL. Versions of gaim prior to 0.58 contain a buffer overflow in the
Jabber plug-in module.
Users of gaim should update to these errata packages containing gaim
0.59 which is not vulnerable to this issue."
(from Red Hat Advisory)
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install gaim
b) Updating manually...
Download the updates below for your version of Yellow Dog Linux
and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
Yellow Dog Linux 2.3
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
ppc/gaim-0.59-0.2.3a.ppc.rpm
Yellow Dog Linux 2.2
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/
ppc/gaim-0.59-0.2.2a.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
[Yellow Dog Linux 2.3]
eb208c74bcd3b5b358d963b6fc32174 ppc/gaim-0.59-0.2.3a.ppc.rpm
024dc45f18a79f45e8523786000597af SRPMS/gaim-0.59-0.2.3a.src.rpm
[Yellow Dog Linux 2.2]
26b430d236c2cd66a1b296e2b62b6310 ppc/gaim-0.59-0.2.2a.ppc.rpm
c188affe06c71ab1bf0e53ecb2c106d4 SRPMS/gaim-0.59-0.2.2a.src.rpm
I wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename
5. Misc.
Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml