Yellow Dog Linux Security Announcement
--------------------------------------

Package:      gaim
Issue Date:   October 20, 2002
Priority:     medium
Advisory ID:  YDU-20021020-4


1. Topic:

   Updated gaim packages are available.


2. Problem:

   "Gaim is an all-in-one instant messaging client that lets you use a
   number of messaging protocols such as AIM, ICQ, and Yahoo, all at once.

   Versions of gaim prior to 0.59.1 contain a bug in the URL handler of the
   manual browser option. A link can be carefully crafted to contain an
   arbitrary shell script which will be executed if the user clicks on the
   link.

   Users of gaim should update to these errata packages containing gaim
   0.59.1 which is not vulnerable to this issue." (from Red Hat advisory)


3. Solution:

   a) Updating via apt...
      We suggest that you use the apt-get program to keep your system
      up-to-date. The following command(s) will retrieve and install the
      fixed version of this update onto your system:

         apt-get update
         apt-get install gaim

   b) Updating manually...
      Download the updates below and then run the following rpm command.
      (Please use a mirror site)

         rpm -Fvh [filenames]

      ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
      ppc/gaim-0.59.1-0.7.3.3a.ppc.rpm


4. Verification

   MD5 checksum                      Package
   --------------------------------  ----------------------------
   779c4ef58b9cf3bd0ec64e5f8f5214cd  ppc/gaim-0.59.1-0.7.3.3a.ppc.rpm
   ca6ebffcf37ebcf27ba97c575d05bc26  SRPMS/gaim-0.59.1-0.7.3.3a.src.rpm

   If you wish to verify that each package has not been corrupted or
   tampered with, examine the md5sum with the following command:

      rpm --checksig --nogpg filename


5. Misc.

   Terra Soft has set up a moderated mailing list where these security,
   bugfix, and package enhancement announcements will be posted. See
   http://lists.terrasoftsolutions.com/ for more information.

   For information regarding the usage of apt-get, see:
   http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
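
Added example (not gaim's code and not part of the original advisory): one way to avoid the class of bug described in section 2 is to build the browser's argument vector without a shell, so a clicked URL can never be parsed as commands. The function name build_browser_argv, the "browser %s" template and the sample URL are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define MAX_ARGS 16

/* General unsafe pattern (comment only): snprintf(cmd, n, tmpl, url); system(cmd);
 * Hypothetical hardened helper: split the configured template on spaces first,
 * then swap the "%s" token for the URL, so the URL is never shell-parsed and
 * always stays one argv element. Returns the argument count, or -1 on error. */
int build_browser_argv(const char *tmpl, const char *url,
                       char *buf, size_t buflen, char *argv[MAX_ARGS + 1])
{
    int argc = 0, substituted = 0;
    char *p;
    if (strlen(tmpl) >= buflen)
        return -1;                       /* template does not fit */
    strcpy(buf, tmpl);
    for (p = buf; *p; ) {
        while (*p == ' ')
            p++;                         /* skip separators */
        if (!*p)
            break;
        if (argc == MAX_ARGS)
            return -1;                   /* too many arguments */
        argv[argc] = p;
        while (*p && *p != ' ')
            p++;
        if (*p)
            *p++ = '\0';                 /* terminate this token */
        if (argc > 0 && strcmp(argv[argc], "%s") == 0) {
            argv[argc] = (char *)url;    /* URL passed through untouched */
            substituted = 1;
        }
        argc++;
    }
    if (!substituted)
        return -1;                       /* need a program name and a %s */
    argv[argc] = NULL;                   /* ready for fork() + execvp() */
    return argc;
}

int main(void)
{
    const char *url = "http://example.com/;echo injected"; /* constructed sample */
    char buf[128], *argv[MAX_ARGS + 1];
    int n = build_browser_argv("browser %s", url, buf, sizeof buf, argv);
    for (int i = 0; i < n; i++)
        printf("argv[%d] = [%s]\n", i, argv[i]);
    return n == 2 ? 0 : 1;
}
```

Callers should still accept only URLs that start with an expected scheme such as http://, since a value beginning with '-' would be read by the browser as an option.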