[Security Announce] [ MDVSA-2008:143 ] - Updated pidgin packages fix MSN protocol handler vulnerability

[news 28]

This is a multi-part message in MIME format...

 

------------=_1215744631-11275-7270

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:143

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : pidgin

Date : July 10, 2008

Affected: 2008.0, 2008.1

_______________________________________________________________________

 

Problem Description:

 

An integer overflow flaw was found in Pidgin's MSN protocol handler

that could allow for the execution of arbitrary code if a user received

a malicious MSN message (CVE-2008-2927).

 

In addition, this update provides the ability to use ICQ networks

again on Mandriva Linux 2008.0, as in MDVA-2008:103 (updated pidgin

for 2008.1).

 

The updated packages have been patched to correct this issue.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2927

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.0:

509b0087973fa73ce677f3df84533ea5 2008.0/i586/finch-2.2.1-2.1mdv2008.0.i586.rpm

587ee9d2853cfcc848c8a133b90c112d 2008.0/i586/libfinch0-2.2.1-2.1mdv2008.0.i586.rpm

55b077915a8fe399bf24817bbd06c204 2008.0/i586/libpurple0-2.2.1-2.1mdv2008.0.i586.rpm

eda90e586e160243de149c01bf60922e 2008.0/i586/libpurple-devel-2.2.1-2.1mdv2008.0.i586.rpm

64e11e5aafa3bae3261579e52ff61102 2008.0/i586/pidgin-2.2.1-2.1mdv2008.0.i586.rpm

b616662d66460eefa94e67773f63679d 2008.0/i586/pidgin-bonjour-2.2.1-2.1mdv2008.0.i586.rpm

0a40b9f6e0ebd896bc5cadf9c941c0aa 2008.0/i586/pidgin-client-2.2.1-2.1mdv2008.0.i586.rpm

0ec01e1a48745a5c712cd6461096793c 2008.0/i586/pidgin-facebook-2.2.1-2.1mdv2008.0.i586.rpm

3d35a41a95190a645d23942e50c0d836 2008.0/i586/pidgin-gevolution-2.2.1-2.1mdv2008.0.i586.rpm

08d55606cdc47a373a2f00d96384798f 2008.0/i586/pidgin-i18n-2.2.1-2.1mdv2008.0.i586.rpm

507385fff430c937cdae2b905fef68f9 2008.0/i586/pidgin-meanwhile-2.2.1-2.1mdv2008.0.i586.rpm

0b16d9e4d7e45d5693545dc91117524e 2008.0/i586/pidgin-mono-2.2.1-2.1mdv2008.0.i586.rpm

3dd2f3b6715406f6d49c89361f494063 2008.0/i586/pidgin-perl-2.2.1-2.1mdv2008.0.i586.rpm

ae910793ab236990d8918552f49f7ae9 2008.0/i586/pidgin-silc-2.2.1-2.1mdv2008.0.i586.rpm

5d025e8085e9dac3cfac0fa8eb29c561 2008.0/i586/pidgin-tcl-2.2.1-2.1mdv2008.0.i586.rpm

e36f85784a84514af05b6cd4a2355a87 2008.0/SRPMS/pidgin-2.2.1-2.1mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

e2f11fa982f7d51a45770c7032be086e 2008.0/x86_64/finch-2.2.1-2.1mdv2008.0.x86_64.rpm

2cd2bd84268ba18d2ee6c493ed3bfbd1 2008.0/x86_64/lib64finch0-2.2.1-2.1mdv2008.0.x86_64.rpm

55e3d0067ef6ab5b6bd4acfce578a6d8 2008.0/x86_64/lib64purple0-2.2.1-2.1mdv2008.0.x86_64.rpm

98c5f4f751041662eef46be53a331b3a 2008.0/x86_64/lib64purple-devel-2.2.1-2.1mdv2008.0.x86_64.rpm

9a2f1a20abcd75a6bca90a4fcbf73e44 2008.0/x86_64/pidgin-2.2.1-2.1mdv2008.0.x86_64.rpm

6afdf79793b66b0ea59cdeb57f65011e 2008.0/x86_64/pidgin-bonjour-2.2.1-2.1mdv2008.0.x86_64.rpm

950bb83e3232d522be12bd09a618d9e3 2008.0/x86_64/pidgin-client-2.2.1-2.1mdv2008.0.x86_64.rpm

cafa5a63cfe7b3da268c4d667614f5bb 2008.0/x86_64/pidgin-facebook-2.2.1-2.1mdv2008.0.x86_64.rpm

e29a3161a12b981e105e354cfc901c9c 2008.0/x86_64/pidgin-gevolution-2.2.1-2.1mdv2008.0.x86_64.rpm

af56fd50efa80cc9601672b3b8953248 2008.0/x86_64/pidgin-i18n-2.2.1-2.1mdv2008.0.x86_64.rpm

013b49fdc2961a376fdee9dcfb2f6eb7 2008.0/x86_64/pidgin-meanwhile-2.2.1-2.1mdv2008.0.x86_64.rpm

3e04e61ccda3ee5522ec6f762b9aaaee 2008.0/x86_64/pidgin-mono-2.2.1-2.1mdv2008.0.x86_64.rpm

89a96f61d4e9baeb29eb543720a6b2dd 2008.0/x86_64/pidgin-perl-2.2.1-2.1mdv2008.0.x86_64.rpm

8ed2fe28fc433d1955e84815e7fe6bfc 2008.0/x86_64/pidgin-silc-2.2.1-2.1mdv2008.0.x86_64.rpm

5bca0408021ba9ed219cccb00b50553d 2008.0/x86_64/pidgin-tcl-2.2.1-2.1mdv2008.0.x86_64.rpm

e36f85784a84514af05b6cd4a2355a87 2008.0/SRPMS/pidgin-2.2.1-2.1mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

a0a2b96d3c2e07f7c8ade41b14356da4 2008.1/i586/finch-2.4.1-2.2mdv2008.1.i586.rpm

a651dd51073999681404e9d4f9911e40 2008.1/i586/libfinch0-2.4.1-2.2mdv2008.1.i586.rpm

86d8f6679e31ac72c9d8b1cf6c6abe23 2008.1/i586/libpurple0-2.4.1-2.2mdv2008.1.i586.rpm

8c030456211c723164c6cfa3cf27bc00 2008.1/i586/libpurple-devel-2.4.1-2.2mdv2008.1.i586.rpm

165ae136a6801c8e3b152cf131689e58 2008.1/i586/pidgin-2.4.1-2.2mdv2008.1.i586.rpm

bcac01478d3bf6e27e3a2d93c5ac48d7 2008.1/i586/pidgin-bonjour-2.4.1-2.2mdv2008.1.i586.rpm

9a52067105cb7b43f0aa373dc52bef3e 2008.1/i586/pidgin-client-2.4.1-2.2mdv2008.1.i586.rpm

fe5771389c06733b5b8cf2aa2bc67db0 2008.1/i586/pidgin-gevolution-2.4.1-2.2mdv2008.1.i586.rpm

953152aea997453e835a7abb4c9c77df 2008.1/i586/pidgin-i18n-2.4.1-2.2mdv2008.1.i586.rpm

b9fed85e3fdbb7fdec2e54bfdd34c9e3 2008.1/i586/pidgin-meanwhile-2.4.1-2.2mdv2008.1.i586.rpm

91b42d2b70c9136c4be3b74258dbab87 2008.1/i586/pidgin-mono-2.4.1-2.2mdv2008.1.i586.rpm

24a94402a42079c6c6d69d9d16b523ca 2008.1/i586/pidgin-perl-2.4.1-2.2mdv2008.1.i586.rpm

9daeb10a70822bbfdba6a168bb08344d 2008.1/i586/pidgin-silc-2.4.1-2.2mdv2008.1.i586.rpm

2c3c4832a7f491b81a64404d17e01070 2008.1/i586/pidgin-tcl-2.4.1-2.2mdv2008.1.i586.rpm

61d05852f634d5d509b00d40e25bed19 2008.1/SRPMS/pidgin-2.4.1-2.2mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

0c285ec7f81a08d3ebb368abe16fbb8f 2008.1/x86_64/finch-2.4.1-2.2mdv2008.1.x86_64.rpm

f9116830b3d96d1014fdcc0a70d4567a 2008.1/x86_64/lib64finch0-2.4.1-2.2mdv2008.1.x86_64.rpm

464b0531188b3a5fb70441764208f9f2 2008.1/x86_64/lib64purple0-2.4.1-2.2mdv2008.1.x86_64.rpm

6198756941ef340dc23b07b6b342cb50 2008.1/x86_64/lib64purple-devel-2.4.1-2.2mdv2008.1.x86_64.rpm

cb2588ca2ddaf94aa808ab5041e24c77 2008.1/x86_64/pidgin-2.4.1-2.2mdv2008.1.x86_64.rpm

b0c515b5d144076575c34a461ae51d65 2008.1/x86_64/pidgin-bonjour-2.4.1-2.2mdv2008.1.x86_64.rpm

9b1dee6aeb0ea58d6af015c9bc3dce1b 2008.1/x86_64/pidgin-client-2.4.1-2.2mdv2008.1.x86_64.rpm

5b5bb13dcd6e4010ff9ba2f8eb0fe999 2008.1/x86_64/pidgin-gevolution-2.4.1-2.2mdv2008.1.x86_64.rpm

d40b42b60eb624155661a92b2e9ce421 2008.1/x86_64/pidgin-i18n-2.4.1-2.2mdv2008.1.x86_64.rpm

dba89ed53c87388ab386622445585094 2008.1/x86_64/pidgin-meanwhile-2.4.1-2.2mdv2008.1.x86_64.rpm

5004f75616437e7568df52c535957ab7 2008.1/x86_64/pidgin-mono-2.4.1-2.2mdv2008.1.x86_64.rpm

e7b4f4b7572fbf0a97a7357381c963df 2008.1/x86_64/pidgin-perl-2.4.1-2.2mdv2008.1.x86_64.rpm

4eb4a4e308b6d944d568265c762595c6 2008.1/x86_64/pidgin-silc-2.4.1-2.2mdv2008.1.x86_64.rpm

ec0ca5b5956d983f705780610dee4f06 2008.1/x86_64/pidgin-tcl-2.4.1-2.2mdv2008.1.x86_64.rpm

61d05852f634d5d509b00d40e25bed19 2008.1/SRPMS/pidgin-2.4.1-2.2mdv2008.1.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFIdp8PmqjQ0CJFipgRAtvpAJ49ShN9VRjdghv5P/0ClFJZ/4HeKACgmKDu

RnnwTwhqG7EveiZ0caFGG3g=

=kzVv

-----END PGP SIGNATURE-----

 

 

------------=_1215744631-11275-7270

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1215744631-11275-7270--