INSECURITY NEWS / USERFRIENDLY

GAIM PPC and IBM S/ 390 systems running Gaim is an Internet Messaging client. A Gaim. The Common Vulnerabilities and Fetchmail is a remote retrieval and heap-based buffer overflow issue was Exposures project has assigned the name forwarding utility. The fetchmail mail discovered in the way Gaim processes CAN-2005-2370 to this issue. program retrieves mail from servers and away messages. A remote attacker could Debian reference: DSA-769-1 forwards it via SMTP, so that it can be send a specially crafted away message to Gentoo reference: GLSA 200508-06 read by mail user agents such as a Gaim user logged into AIM or ICQ that Red Hat reference: RHSA-2005:627-11 and elm. could result in arbitrary code execution. Suse reference: SUSE-SR:2005:017 A buffer overflow was discovered in The Common Vulnerabilities and Expo- fetchmail’s POP3 client. It is possible sures project has assigned the name that a malicious server could send a CAN-2005-2103 to this issue. CUPS carefully crafted message UID and cause Daniel Atallah discovered a denial of The Common Printing System fetchmail to crash or potentially execute service issue in Gaim. A remote attacker (CUPS) provides a portable printing arbitrary code as the user running fetch- could attempt to upload a file with a layer for UNIX and Linux operating mail. specially crafted name to a user logged systems. When processing a PDF file, The Common Vulnerabilities and Expo- into AIM or ICQ, causing Gaim to crash. bounds checking was not correctly per- sures project assigned the name CAN- The Common Vulnerabilities and Expo- formed on some fields. This could cause 2005-2335 to this issue. Users of fetch- sures project has assigned the name the pdftops filter (running as user “lp”) mail should update to the latest package, CAN-2005-2102 to this issue. A denial of to crash. The Common Vulnerabilities which contains a backported patch to service bug was found in Gaim’s Gadu and Exposures project has assigned the correct this issue. Gadu protocol handler. A remote name CAN-2005-2097 to this issue. All Debian reference: DSA-774-1 attacker could send a specially crafted users of CUPS should install a patch to Gentoo reference: GLSA 200507-21 message to a Gaim user logged into correct this issue. Red Hat reference: RHSA-2005:640-08 Gadu Gadu, causing Gaim to crash. Mandriva reference: MDKSA-2005:138 Slackware reference: SSA:2005-203-05 Please note that this issue only affects Red Hat reference: RHSA-2005:706-04 Suse reference: SUSE-SR:2005:018

WWW.LINUX - MAGAZINE.COM ISSUE 59 OCTOBER 2005 17