Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[ MDVSA-2009:147 ] pidgin

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1246393260-4716-2

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:147

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : pidgin

Date : June 30, 2009

Affected: 2009.0, 2009.1

_______________________________________________________________________

 

Problem Description:

 

Security vulnerabilities has been identified and fixed in pidgin:

 

Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin

(formerly Gaim) before 2.5.6 allows remote authenticated users to

execute arbitrary code via vectors involving an outbound XMPP file

transfer. NOTE: some of these details are obtained from third party

information (CVE-2009-1373).

 

Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim)

before 2.5.6 allows remote attackers to cause a denial of service

(application crash) via a QQ packet (CVE-2009-1374).

 

The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before

2.5.6 does not properly maintain a certain buffer, which allows

remote attackers to cause a denial of service (memory corruption

and application crash) via vectors involving the (1) XMPP or (2)

Sametime protocol (CVE-2009-1375).

 

Multiple integer overflows in the msn_slplink_process_msg functions in

the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and

(2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim)

before 2.5.6 on 32-bit platforms allow remote attackers to execute

arbitrary code via a malformed SLP message with a crafted offset

value, leading to buffer overflows. NOTE: this issue exists because

of an incomplete fix for CVE-2008-2927 (CVE-2009-1376).

 

This update provides pidgin 2.5.8, which is not vulnerable to these

issues.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1373

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1374

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1375

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376

http://pidgin.im/news/security/

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2009.0:

0b9c5812047b6913b62d962d6b2e23ce 2009.0/i586/finch-2.5.8-0.2mdv2009.0.i586.rpm

2e163af32cb31fcbadb823def93ed7f8 2009.0/i586/libfinch0-2.5.8-0.2mdv2009.0.i586.rpm

8ac2c52ffdab796e3dad1d38733064ff 2009.0/i586/libpurple0-2.5.8-0.2mdv2009.0.i586.rpm

f0db58c858207f9560548d949b48d261 2009.0/i586/libpurple-devel-2.5.8-0.2mdv2009.0.i586.rpm

5169c7ebe58ae7180849d7ed517121c8 2009.0/i586/pidgin-2.5.8-0.2mdv2009.0.i586.rpm

4d13d3689764970fa898c1fad1cc5764 2009.0/i586/pidgin-bonjour-2.5.8-0.2mdv2009.0.i586.rpm

a1830c84222ffc88855d8eb92c859641 2009.0/i586/pidgin-client-2.5.8-0.2mdv2009.0.i586.rpm

bf2b1e97c096cc0448d808a4a88b3f3e 2009.0/i586/pidgin-gevolution-2.5.8-0.2mdv2009.0.i586.rpm

f7fc2376cacab7d26ae56ee6b64349a0 2009.0/i586/pidgin-i18n-2.5.8-0.2mdv2009.0.i586.rpm

edaa8098fc045f2d62eb34520a15dc3f 2009.0/i586/pidgin-meanwhile-2.5.8-0.2mdv2009.0.i586.rpm

11ffe25c191b1e3e9960ed082390f7c4 2009.0/i586/pidgin-mono-2.5.8-0.2mdv2009.0.i586.rpm

7c52bfd76a126296d01db5f91070697e 2009.0/i586/pidgin-perl-2.5.8-0.2mdv2009.0.i586.rpm

f1a0e77257376b4ae76d3860798a1f48 2009.0/i586/pidgin-plugins-2.5.8-0.2mdv2009.0.i586.rpm

d9d098ba185b307bd6a1841e34b6f34f 2009.0/i586/pidgin-silc-2.5.8-0.2mdv2009.0.i586.rpm

85e866aa7309873647ee6dbd8e25f19b 2009.0/i586/pidgin-tcl-2.5.8-0.2mdv2009.0.i586.rpm

f58c790083e6cbe2e18ca162368b8222 2009.0/SRPMS/pidgin-2.5.8-0.2mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

1261bbf57c000e72386cc2527b5dc36f 2009.0/x86_64/finch-2.5.8-0.2mdv2009.0.x86_64.rpm

a8e36217c7bb9382fec36b3678d7f22a 2009.0/x86_64/lib64finch0-2.5.8-0.2mdv2009.0.x86_64.rpm

cc68a1500a192bcd1e1e74b01bfa88f6 2009.0/x86_64/lib64purple0-2.5.8-0.2mdv2009.0.x86_64.rpm

b023996495bfccbcc42546ee50d86cb8 2009.0/x86_64/lib64purple-devel-2.5.8-0.2mdv2009.0.x86_64.rpm

483d34d8c6dbd627c8f42ca7026c4891 2009.0/x86_64/pidgin-2.5.8-0.2mdv2009.0.x86_64.rpm

dd297e049a355c5a577fd6ff05fa8e1a 2009.0/x86_64/pidgin-bonjour-2.5.8-0.2mdv2009.0.x86_64.rpm

99552bd5cdc82dbcc654fce15f61d092 2009.0/x86_64/pidgin-client-2.5.8-0.2mdv2009.0.x86_64.rpm

b18bb378d4113d39cfd7f688b1d7d0e4 2009.0/x86_64/pidgin-gevolution-2.5.8-0.2mdv2009.0.x86_64.rpm

ddffc838f823bd823da1f9590ec70b92 2009.0/x86_64/pidgin-i18n-2.5.8-0.2mdv2009.0.x86_64.rpm

a5144eb447ec121820eae2d95429634a 2009.0/x86_64/pidgin-meanwhile-2.5.8-0.2mdv2009.0.x86_64.rpm

864a95349dc2f85f41d337f35f7e22d0 2009.0/x86_64/pidgin-mono-2.5.8-0.2mdv2009.0.x86_64.rpm

40117254cd1226cd29e233c48de1b6e2 2009.0/x86_64/pidgin-perl-2.5.8-0.2mdv2009.0.x86_64.rpm

45e24144e272a726ece9206bf2d7ca37 2009.0/x86_64/pidgin-plugins-2.5.8-0.2mdv2009.0.x86_64.rpm

7966dacf3a120cb25d463ae6cc96da66 2009.0/x86_64/pidgin-silc-2.5.8-0.2mdv2009.0.x86_64.rpm

c2f86df2348c18f6f88f0f044fc0858c 2009.0/x86_64/pidgin-tcl-2.5.8-0.2mdv2009.0.x86_64.rpm

f58c790083e6cbe2e18ca162368b8222 2009.0/SRPMS/pidgin-2.5.8-0.2mdv2009.0.src.rpm

 

Mandriva Linux 2009.1:

f67e4c3f8d66c7f41d138a0786bf002b 2009.1/i586/finch-2.5.8-0.2mdv2009.1.i586.rpm

a1458b3a10086562af8588b14a6e7648 2009.1/i586/libfinch0-2.5.8-0.2mdv2009.1.i586.rpm

9369bcf4e812f4085f0db10301f052ad 2009.1/i586/libpurple0-2.5.8-0.2mdv2009.1.i586.rpm

92f4b3e3fc1380dccbbc5b1d34cc3893 2009.1/i586/libpurple-devel-2.5.8-0.2mdv2009.1.i586.rpm

2146bd6f5200d0f92678481f4a570f14 2009.1/i586/pidgin-2.5.8-0.2mdv2009.1.i586.rpm

cfcd5d1fa2d5526c28fc63ac458ef0ef 2009.1/i586/pidgin-bonjour-2.5.8-0.2mdv2009.1.i586.rpm

6e3afaf1f4838268abef2ce4d285ff9f 2009.1/i586/pidgin-client-2.5.8-0.2mdv2009.1.i586.rpm

de326d636c98402ffdc1ee1e2e0daa4b 2009.1/i586/pidgin-gevolution-2.5.8-0.2mdv2009.1.i586.rpm

e7b3ff08b89ae7d3bd3ac06edbda2e34 2009.1/i586/pidgin-i18n-2.5.8-0.2mdv2009.1.i586.rpm

18991a44ed768591999de24430f0243b 2009.1/i586/pidgin-meanwhile-2.5.8-0.2mdv2009.1.i586.rpm

1cdd6f5ef69508e38354e24dea17e1a9 2009.1/i586/pidgin-mono-2.5.8-0.2mdv2009.1.i586.rpm

35188862c9641d841e85f5b22dad7449 2009.1/i586/pidgin-perl-2.5.8-0.2mdv2009.1.i586.rpm

7d4e325b6008d26458291e7b7951eaec 2009.1/i586/pidgin-plugins-2.5.8-0.2mdv2009.1.i586.rpm

e6c6d611f2f3085920a2715b6f1d01d8 2009.1/i586/pidgin-silc-2.5.8-0.2mdv2009.1.i586.rpm

0cadc9118ed484b073560423be0feaf4 2009.1/i586/pidgin-tcl-2.5.8-0.2mdv2009.1.i586.rpm

ebb50e4b0a97cc460e2d8486f3c01eed 2009.1/SRPMS/pidgin-2.5.8-0.2mdv2009.1.src.rpm

 

Mandriva Linux 2009.1/X86_64:

d1b2d58b4e4c931e45c331b888ef1084 2009.1/x86_64/finch-2.5.8-0.2mdv2009.1.x86_64.rpm

57cc9ff2f0f54697c2490fbd8726b181 2009.1/x86_64/lib64finch0-2.5.8-0.2mdv2009.1.x86_64.rpm

7606985a068954fca5d16d7333ff2222 2009.1/x86_64/lib64purple0-2.5.8-0.2mdv2009.1.x86_64.rpm

6114731e237d3e5c066edc6a5a40290e 2009.1/x86_64/lib64purple-devel-2.5.8-0.2mdv2009.1.x86_64.rpm

66c33bfa51bdc6a125c776f76486f29e 2009.1/x86_64/pidgin-2.5.8-0.2mdv2009.1.x86_64.rpm

fc0d59febb37fd8422a57dd759130bb8 2009.1/x86_64/pidgin-bonjour-2.5.8-0.2mdv2009.1.x86_64.rpm

d781057e99674e435243a6fc1ccd9c50 2009.1/x86_64/pidgin-client-2.5.8-0.2mdv2009.1.x86_64.rpm

0ce092cc85f8024e33361f488ff5f617 2009.1/x86_64/pidgin-gevolution-2.5.8-0.2mdv2009.1.x86_64.rpm

0db0e946667615e20c3ce2aae0c8c840 2009.1/x86_64/pidgin-i18n-2.5.8-0.2mdv2009.1.x86_64.rpm

8ac630cc5228aabd7c64ebad0708dfbc 2009.1/x86_64/pidgin-meanwhile-2.5.8-0.2mdv2009.1.x86_64.rpm

71843c7958e5e037137ac62f52ec59a8 2009.1/x86_64/pidgin-mono-2.5.8-0.2mdv2009.1.x86_64.rpm

2b3a2fccde7218a226f07497ab18acda 2009.1/x86_64/pidgin-perl-2.5.8-0.2mdv2009.1.x86_64.rpm

6c13aed8b7090e0ce146b64fe479e822 2009.1/x86_64/pidgin-plugins-2.5.8-0.2mdv2009.1.x86_64.rpm

81ffeb84eea5f93f0e94e7035c858107 2009.1/x86_64/pidgin-silc-2.5.8-0.2mdv2009.1.x86_64.rpm

93ef210add576d311aa2a033cef3c77c 2009.1/x86_64/pidgin-tcl-2.5.8-0.2mdv2009.1.x86_64.rpm

ebb50e4b0a97cc460e2d8486f3c01eed 2009.1/SRPMS/pidgin-2.5.8-0.2mdv2009.1.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFKSkfAmqjQ0CJFipgRAjXiAJ0e+atKRUTzOr6SQ+DgOHwOvk02qgCeMPFg

+H4DlSU9YzPLzeKFhKFdE94=

=uRxq

-----END PGP SIGNATURE-----

 

 

------------=_1246393260-4716-2

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1246393260-4716-2--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×