CVE-2005-2370
CVSS5.0
发布时间 :2005-07-26 00:00:00
修订时间 :2016-10-17 23:26:22
NMCOP    

[原文]Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.


[CNNVD]ekg libgadu 内存队列错误漏洞(CNNVD-200507-266)

        Eksperymentalny Klient Gadu-Gadu(EKG)是一款支持Gadu-Gadu的通信客户端程序。
        Ekg的libgadu存在内存队列错误导致的缓冲区溢出漏洞。攻击者通过某种特定结构可以导致拒绝服务。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CWE (弱点类目)

CWE-399 [资源管理错误]

- CPE (受影响的平台与产品)

cpe:/a:ekg:ekg:1.5
cpe:/a:ekg:ekg:1.4
cpe:/a:ekg:ekg:1.3
cpe:/a:ekg:ekg:1.1
cpe:/a:ekg:ekg:1.6_rc1
cpe:/a:ekg:ekg:2005-04-11
cpe:/a:rob_flynn:gaim:1.4.0
cpe:/a:ekg:ekg:2005-06-05

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10456Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers ...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2370
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2370
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-266
(官方数据源) CNNVD

- 其它链接及资源

http://gaim.sourceforge.net/security/index.php?id=20
(UNKNOWN)  CONFIRM  http://gaim.sourceforge.net/security/index.php?id=20
http://marc.info/?l=bugtraq&m=112198499417250&w=2
(UNKNOWN)  BUGTRAQ  20050721 Multiple vulnerabilities in libgadu and ekg package
http://www.debian.org/security/2005/dsa-813
(UNKNOWN)  DEBIAN  DSA-813
http://www.debian.org/security/2007/dsa-1318
(UNKNOWN)  DEBIAN  DSA-1318
http://www.redhat.com/support/errata/RHSA-2005-627.html
(UNKNOWN)  REDHAT  RHSA-2005:627
http://www.securityfocus.com/archive/1/archive/1/426078/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:158543
http://www.securityfocus.com/bid/24600
(UNKNOWN)  BID  24600

- 漏洞信息

ekg libgadu 内存队列错误漏洞
中危 其他
2005-07-26 00:00:00 2006-06-14 00:00:00
远程  
        Eksperymentalny Klient Gadu-Gadu(EKG)是一款支持Gadu-Gadu的通信客户端程序。
        Ekg的libgadu存在内存队列错误导致的缓冲区溢出漏洞。攻击者通过某种特定结构可以导致拒绝服务。
        

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        ftp://ftp.kde.org/pub/kde/security_patches/

- 漏洞信息 (F57309)

Debian Linux Security Advisory 1318-1 (PacketStormID:F57309)
2007-06-26 00:00:00
Debian  debian.org
advisory,remote,vulnerability
linux,debian
CVE-2005-2370,CVE-2005-2448,CVE-2007-1663,CVE-2007-1664,CVE-2007-1665
[点击下载]

Debian Security Advisory 1318-1 - Several remote vulnerabilities have been discovered in ekg, a console Gadu Gadu client.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1318-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
June 22nd, 2007                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ekg
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2005-2370 CVE-2005-2448 CVE-2007-1663 CVE-2007-1664 CVE-2007-1665

Several remote vulnerabilities have been discovered in ekg, a console
Gadu Gadu client. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2005-2370

    It was discovered that memory alignment errors may allow remote
    attackers to cause a denial of service on certain architectures
    such as sparc. This only affects Debian Sarge.

CVE-2005-2448

    It was discovered that several endianess errors may allow remote
    attackers to cause a denial of service. This only affects 
    Debian Sarge.

CVE-2007-1663

    It was discovered that a memory leak in handling image messages may
    lead to denial of service. This only affects Debian Etch.

CVE-2007-1664

    It was discovered that a null pointer deference in the token OCR code
    may lead to denial of service. This only affects Debian Etch.

CVE-2007-1665

    It was discovered that a memory leak in the token OCR code may lead
    to denial of service. This only affects Debian Etch.

For the oldstable distribution (sarge) these problems have been fixed in
version 1.5+20050411-7. This updates lacks updated packages for the m68k
architecture. They will be provided later.

For the stable distribution (etch) these problems have been fixed
in version 1:1.7~rc2-1etch1.

For the unstable distribution (sid) these problems have been fixed in
version 1:1.7~rc2-2.

We recommend that you upgrade your ekg packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.dsc
      Size/MD5 checksum:      755 c13c5003913b5a6826a2318ff6457466
    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.diff.gz
      Size/MD5 checksum:    43213 bbcdcf5b7acf8df37c6557fb3caf65f2
    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz
      Size/MD5 checksum:   495079 bc246779de6f6c97f289e60b60db6c14

  Alpha architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_alpha.deb
      Size/MD5 checksum:   313386 5f9e1df11e20416d456550fbc7272b6b
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_alpha.deb
      Size/MD5 checksum:   154124 fbfb2b2dac00fd0b8f8d520a034808e1
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_alpha.deb
      Size/MD5 checksum:    70480 bbc1774ca41b284d7077075b2e54e094

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_amd64.deb
      Size/MD5 checksum:   280046 8afce052b5a90e52d98bb5056b4c3677
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_amd64.deb
      Size/MD5 checksum:   129478 cb4c07f3a023501dc4282a949ae6f0c3
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_amd64.deb
      Size/MD5 checksum:    64766 91cb2126b68ad573beb3cf71a10a4862

  ARM architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_arm.deb
      Size/MD5 checksum:   268022 8e83e14d2221e43e0f84d21004ecdc6e
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_arm.deb
      Size/MD5 checksum:   129516 75f62242848fcd8c04a769d8b2b70fb3
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_arm.deb
      Size/MD5 checksum:    62650 9f1005a1902d5f088f8916113da1d9fa

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_hppa.deb
      Size/MD5 checksum:   288256 2f760288780881eff8c000a7d5287ab7
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_hppa.deb
      Size/MD5 checksum:   135902 42d5b64ede073387c03f914c2f3b9a7d
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_hppa.deb
      Size/MD5 checksum:    69330 31208354bcb32e72e812f773cb5bd582

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_i386.deb
      Size/MD5 checksum:   269760 fee79fac0639b2b80cb8e29df80b267c
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_i386.deb
      Size/MD5 checksum:   126480 a428c99fb8b13a9ae1c691cc5d65420e
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_i386.deb
      Size/MD5 checksum:    63604 be480904f42852892049fa980a8ba521

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_ia64.deb
      Size/MD5 checksum:   355486 6425e823262700c3d06d6dc28bd5a889
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_ia64.deb
      Size/MD5 checksum:   150436 02a50df61a2fe956ba62e76367c169c7
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_ia64.deb
      Size/MD5 checksum:    80364 1fef77a49dd87394b691b5623c72607b

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_mips.deb
      Size/MD5 checksum:   281056 d819d23c9ef923a282e74af566013761
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_mips.deb
      Size/MD5 checksum:   132178 1d2366458dd2e9c7d6d507adde131308
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_mips.deb
      Size/MD5 checksum:    61982 83ae72d761312226134db573f078ab83

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_mipsel.deb
      Size/MD5 checksum:   280690 314d213d4296f1a231e8534becff7405
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_mipsel.deb
      Size/MD5 checksum:   132164 8d7c1227c0f36c33a0952765e9f2dca4
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_mipsel.deb
      Size/MD5 checksum:    61972 f1b286a5c481f1ea487af4c6c9864d23

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_powerpc.deb
      Size/MD5 checksum:   280810 a123142acdbf773bfbcff1a55584aa19
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_powerpc.deb
      Size/MD5 checksum:   131878 0635d337c8bae23f613448d560acc61d
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_powerpc.deb
      Size/MD5 checksum:    65974 2736e6c7114bcd6a281f5a7e2e43351a

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_s390.deb
      Size/MD5 checksum:   279310 3a9db64ccd003295eadd2c1d0b9b640e
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_s390.deb
      Size/MD5 checksum:   128964 9d7752770b05bafdf8e8ea09eb58a15f
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_s390.deb
      Size/MD5 checksum:    64442 729126714688fa21a339b8d22a545bd2

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_sparc.deb
      Size/MD5 checksum:   269676 a07e3241c1d7cb106bfb8e3002665757
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_sparc.deb
      Size/MD5 checksum:   128524 2b66271a6ef4c18fc040832145a1e83b
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_sparc.deb
      Size/MD5 checksum:    64668 90418a7aeea9c7ce980de5c46e871a9f

Debian GNU/Linux 4.0 alias etch
- -------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1.dsc
      Size/MD5 checksum:      750 f776cbffc3c5757239311f68cbb06863
    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1.diff.gz
      Size/MD5 checksum:    36873 1ed9055534fa44d865262b14f8b30341
    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2.orig.tar.gz
      Size/MD5 checksum:   514073 b4ea482130e163af1456699e2e6983d9

  Alpha architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_alpha.deb
      Size/MD5 checksum:   319638 61b5664b0460876546de510fbd0059a9
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_alpha.deb
      Size/MD5 checksum:   160798 6d3bdb00bb1432e45423f832337f6087
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_alpha.deb
      Size/MD5 checksum:    74902 46be93166fa4c5a293ac71d89777fed8

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_amd64.deb
      Size/MD5 checksum:   299404 03a5d6a3e922b849f20029a8ff7998f4
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_amd64.deb
      Size/MD5 checksum:   135146 41b387de4cf01fe6da695594c94b20aa
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_amd64.deb
      Size/MD5 checksum:    69188 a463fefd5a7ba02d63d2ce30274d4aa1

  ARM architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_arm.deb
      Size/MD5 checksum:   286656 b54c96a818dd03ca8495fdf695344b3d
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_arm.deb
      Size/MD5 checksum:   131622 91543dea78bcd279f0bff1e19e75822b
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_arm.deb
      Size/MD5 checksum:    67496 83b69e379ed35e86555c5dda94ce7a63

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_hppa.deb
      Size/MD5 checksum:   309102 6d63580fbeff38010fc50c41e8586ead
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_hppa.deb
      Size/MD5 checksum:   141536 aaac39e76b748763e8fd0cfa98d8dde8
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_hppa.deb
      Size/MD5 checksum:    73240 ad652a0bf5df9f67dd3836af637d89f2

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_i386.deb
      Size/MD5 checksum:   282332 cea1b184efefb7454b6c0b25a3e8d875
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_i386.deb
      Size/MD5 checksum:   131262 ab42291b25f3501983ea1fa3e61e5832
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_i386.deb
      Size/MD5 checksum:    67370 28242d8c48f5cf14b7cdd1dff1c8f44d

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_ia64.deb
      Size/MD5 checksum:   394586 75bf8f5b8890dffbc539d79105f31896
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_ia64.deb
      Size/MD5 checksum:   157904 d2891a73971207417313c5217cba4641
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_ia64.deb
      Size/MD5 checksum:    86568 d760ad9563615e5a76f46f50ba87b94e

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_mips.deb
      Size/MD5 checksum:   297038 8bf5b347f3b25110a7fe7e0b9a171899
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_mips.deb
      Size/MD5 checksum:   140652 6cb382cf6a63b5b02701b60b9ca0d6a2
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_mips.deb
      Size/MD5 checksum:    66324 8bd8e1c3a08ef2f59a4127c60bccae7a

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_mipsel.deb
      Size/MD5 checksum:   297042 f5b2271e9e64c0fd2de08569b7a4fcae
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_mipsel.deb
      Size/MD5 checksum:   140598 ab9c505c30d97a14e92d283f4e42a861
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_mipsel.deb
      Size/MD5 checksum:    66384 7ac15a45f175d9e7dd0d9e9ff7387a27

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_powerpc.deb
      Size/MD5 checksum:   297622 22e279870a880ac1c6dfc71ac42f30bb
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_powerpc.deb
      Size/MD5 checksum:   136040 fdd5e885773c0dcf69f25e810f2e4bbc
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_powerpc.deb
      Size/MD5 checksum:    69932 49df2e6b8d5435e12d8eb6ff2881ab4a

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_s390.deb
      Size/MD5 checksum:   302738 1653f57ea628f86c96568c64847dc176
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_s390.deb
      Size/MD5 checksum:   134614 6801cc3c2cfbf17f41284ef351d6d6c8
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_s390.deb
      Size/MD5 checksum:    69440 d63382b49cb1f66af8f9bac116a701f5

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_sparc.deb
      Size/MD5 checksum:   286648 93f735711c69d3add89f6c58050b426c
    http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_sparc.deb
      Size/MD5 checksum:   133128 515716db148f7292a7793672bc6cff1f
    http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_sparc.deb
      Size/MD5 checksum:    67892 59f7df3b28746ba3943b465cfaa8f7b1


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGfEFhXm3vHE4uyloRAv9/AKDEte+fsrFBf4A/G+1mPImx3XUpKACguq0+
MjOH56NLrMDywrUd1VZovL8=
=pKfV
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F39005)

Debian Linux Security Advisory 769-1 (PacketStormID:F39005)
2005-08-05 00:00:00
Debian  security.debian.org
advisory,denial of service,x86,protocol
linux,debian
CVE-2005-2370
[点击下载]

Debian Security Advisory DSA 769-1 - Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, console Gadu Gadu client, an instant messaging program) which is included in gaim, a multi-protocol instant messaging client, as well. This can not be exploited on the x86 architecture but on others, e.g. on Sparc and lead to a bus error, in other words a denial of service.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 769-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 29th, 2005                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gaim
Vulnerability  : memory alignment bug
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2370

Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment
error in libgadu (from ekg, console Gadu Gadu client, an instant
messaging program) which is included in gaim, a multi-protocol instant
messaging client, as well.  This can not be exploited on the x86
architecture but on others, e.g. on Sparc and lead to a bus error,
in other words a denial of service.

The old stable distribution (woody) does not seem to be affected by
this problem.

For the stable distribution (sarge) this problem has been fixed in
version 1.2.1-1.4.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your gaim package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4.dsc
      Size/MD5 checksum:      915 3bee538026c525a384cbe0865d110c78
    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4.diff.gz
      Size/MD5 checksum:    31681 382649de95e8cf1417c5170d1a8a372e
    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1.orig.tar.gz
      Size/MD5 checksum:  5215565 866598947a30005c9d2a4466c7182e2a

  Architecture independent components:

    http://security.debian.org/pool/updates/main/g/gaim/gaim-data_1.2.1-1.4_all.deb
      Size/MD5 checksum:  2838720 d1b16e84e0141e8030485e36339f4faa

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_alpha.deb
      Size/MD5 checksum:  1068846 ebb2a8902f38292e34b6dc08c28a1fcd
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_alpha.deb
      Size/MD5 checksum:   102374 fb9bcb085067d216f57d39a332f2820d

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_arm.deb
      Size/MD5 checksum:   817860 23f78add9104cf3e5f79b7cd304fb3f7
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_arm.deb
      Size/MD5 checksum:   102410 b2df8a242b943aa0d1a9b6e8148169a2

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_i386.deb
      Size/MD5 checksum:   879294 d2716bd687b657f2208ad0585c13d691
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_i386.deb
      Size/MD5 checksum:   102360 4120bc2abace13ca4374651db973f448

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_ia64.deb
      Size/MD5 checksum:  1264312 5204cd503aed191f1cba6cfa6705f5c1
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_ia64.deb
      Size/MD5 checksum:   102360 69787fd4685f53e21c4bf7c2df0ecdc6

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_hppa.deb
      Size/MD5 checksum:  1007084 92d7692ec48a6311177f752049ced338
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_hppa.deb
      Size/MD5 checksum:   102412 d11aa9dca9554e751f15e2345e724b43

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_m68k.deb
      Size/MD5 checksum:   815858 ccb750c04cffe4026096da9bc1d322bd
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_m68k.deb
      Size/MD5 checksum:   102480 3dc4d6008736ff7ef71960587ef349ec

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_mips.deb
      Size/MD5 checksum:   855152 23092ea32cdc78dd67e50723444c38d5
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_mips.deb
      Size/MD5 checksum:   102382 d6d1c8c62c8ebc2eeb4a6cb5e2ab52f1

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_mipsel.deb
      Size/MD5 checksum:   846462 14cc63bc73903ffd3b391d8d3be0c326
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_mipsel.deb
      Size/MD5 checksum:   102378 f0e724ffce6ce9d80c75c4f77a341a67

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_powerpc.deb
      Size/MD5 checksum:   913460 baa3230e8857033cb9e480ecda99b01d
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_powerpc.deb
      Size/MD5 checksum:   102384 fb572b59ed02992ba80dc8c6aab6db91

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_s390.deb
      Size/MD5 checksum:   946240 f431a8a8595dbe5c5b26148f9504bda0
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_s390.deb
      Size/MD5 checksum:   102380 d7bb41baeb1391be34b1c9642ecb22a5

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_sparc.deb
      Size/MD5 checksum:   850810 73b4bdb1206ba5b0f2a5bda0cf061470
    http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_sparc.deb
      Size/MD5 checksum:   102380 7d112554def1191e36f50755ca21c7f8


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC6dvqW5ql+IAeqTIRAiYMAJ9tbYHKcEgLovyXhZ/+5w4BRWP8awCggJOR
TqUQ0OtKA45RTSOzIrKmTAg=
=9WEt
-----END PGP SIGNATURE-----

    

- 漏洞信息

18126
libgadu on SPARC Incoming Message Memory Alignment Error

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-07-21 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 1.6rc3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站