[ MDVSA-2010:148 ] pidgin
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [ MDVSA-2010:148 ] pidgin
- From: security@xxxxxxxxxxxx
- Date: Thu, 12 Aug 2010 16:49:00 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:148
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pidgin
Date : August 12, 2010
Affected: 2008.0, 2009.0, 2010.0, 2010.1
_______________________________________________________________________
Problem Description:

A security vulnerability has been identified and fixed in pidgin:

The clientautoresp function in family_icbm.c in the oscar protocol
plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated
users to cause a denial of service (NULL pointer dereference and
application crash) via an X-Status message that lacks the expected
end tag for a (1) desc or (2) title element (CVE-2010-2528).

Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.

This update provides pidgin 2.7.3, which is not vulnerable to this
issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2528
http://pidgin.im/news/security/
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMY9opmqjQ0CJFipgRAnq3AKCNoeB1p0p38DiqexwLcQnK3ZksJwCaAhjV
kcVYAorP1VH1YehF4uox/6g=
=WyEv
-----END PGP SIGNATURE-----
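
The failure class named in the Problem Description (an element whose end tag is missing, leading to a NULL pointer dereference) can be shown with a small checked extractor. This is an added example, not code from the advisory or from libpurple; the function name, result codes and the simplified message strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result codes (names are hypothetical, chosen for this example). */
enum { XS_OK = 0, XS_NO_START = -1, XS_NO_END = -2, XS_TOO_LONG = -3 };

/*
 * Copy the text between <tag> and </tag> in msg into out.
 * An unchecked version would use the strstr() result for the end tag
 * directly; when the end tag is absent that result is NULL. Here every
 * lookup is tested before it is used.
 */
static int extract_element(const char *msg, const char *tag,
                           char *out, size_t outlen)
{
    char open_tag[32], close_tag[32];
    const char *start, *end;
    size_t len;

    if (!msg || !tag || !out || outlen == 0)
        return XS_NO_START;
    out[0] = '\0';
    if (strlen(tag) > sizeof(open_tag) - 4)  /* room for "</", ">" and NUL */
        return XS_NO_START;
    snprintf(open_tag, sizeof(open_tag), "<%s>", tag);
    snprintf(close_tag, sizeof(close_tag), "</%s>", tag);

    start = strstr(msg, open_tag);
    if (start == NULL)
        return XS_NO_START;
    start += strlen(open_tag);

    end = strstr(start, close_tag);          /* NULL when the end tag is missing */
    if (end == NULL)
        return XS_NO_END;                    /* reject instead of dereferencing */

    len = (size_t)(end - start);
    if (len >= outlen)
        return XS_TOO_LONG;
    memcpy(out, start, len);
    out[len] = '\0';
    return XS_OK;
}

int main(void)
{
    /* Constructed, simplified input; not captured OSCAR traffic. */
    char buf[64];
    int r = extract_element("<title>Away<desc>Back at 5</desc>", "title", buf, sizeof buf);
    printf("missing </title> -> %d\n", r);
    return 0;
}
```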