[SECURITY] Fedora 8 Update: centerim-4.22.4-1.fc8

updates at fedoraproject.org updates at fedoraproject.org
Tue Apr 1 21:38:25 UTC 2008 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-2867
2008-04-01 21:13:43
--------------------------------------------------------------------------------

Name        : centerim
Product     : Fedora 8
Version     : 4.22.4
Release     : 1.fc8
URL         : http://www.centerim.org/
Summary     : Text mode menu- and window-driven IM
Description :
CenterIM is a text mode menu- and window-driven IM interface that supports
the ICQ2000, Yahoo!, MSN, AIM TOC, IRC, Gadu-Gadu and Jabber protocols.
Internal RSS reader and a client for LiveJournal are provided.

--------------------------------------------------------------------------------
Update Information:

This update fixes the CVE-2008-1467 security issue by disabling the "actions"
configuration altogether. Furthermore the default web browser is no longer
configurable in CenterIM. The links get open in the default web browser
configured, using xdg-utils.    This release adds support for new versions of
Yahoo IM protocol. Unless you apply this update, you won't be able to use Yahoo
IM after April 2nd 2008.    Please note:    To avoid compatibility and
confidentiality problems with an undocumented protocol transported unencrypted
over third-party controlled network, all users of Yahoo IM protocol are
encouraged to switch to open and free alternatives, such as XMPP used in Jabber
network.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #438871 - CVE-2008-1467 CenterIM passes unescaped URLs to shell
        https://bugzilla.redhat.com/show_bug.cgi?id=438871
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update centerim' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list