[SECURITY] Fedora 7 Update: centerim-4.22.4-1.fc7.1

updates at fedoraproject.org updates at fedoraproject.org
Tue Apr 1 21:38:37 UTC 2008 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-2869
2008-04-01 21:13:52
--------------------------------------------------------------------------------

Name        : centerim
Product     : Fedora 7
Version     : 4.22.4
Release     : 1.fc7.1
URL         : http://www.centerim.org/
Summary     : Text mode menu- and window-driven IM
Description :
CenterIM is a text mode menu- and window-driven IM interface that supports
the ICQ2000, Yahoo!, MSN, AIM TOC, IRC, Gadu-Gadu and Jabber protocols.
Internal RSS reader and a client for LiveJournal are provided.

--------------------------------------------------------------------------------
Update Information:

This update fixes the CVE-2008-1467 security issue by disabling the "actions"
configuration altogether. Furthermore the default web browser is no longer
configurable in CenterIM. The links get open in the default web browser
configured, using xdg-utils.    There won't be any update for centericq. All
users of centericq packages are advised to switch to centerim. In Fedora 7
centerim package provides symbolic link "centericq" that points to centerim
binary for compatibility with centericq. Note that centerim packages in later
releases of Fedora no longer provide this. CenterIM will automatically use
CenterICQ settings if ones are found in all releases of Fedora.    This release
adds support for new versions of Yahoo IM protocol. Unless you apply this
update, you won't be able to use Yahoo IM after April 2nd 2008.    Please note:
To avoid compatibility and confidentiality problems with an undocumented
protocol transported unencrypted over third-party controlled network, all users
of Yahoo IM protocol are encouraged to switch to open and free alternatives,
such as XMPP used in Jabber network.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #438871 - CVE-2008-1467 CenterIM passes unescaped URLs to shell
        https://bugzilla.redhat.com/show_bug.cgi?id=438871
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update centerim' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list