=========================================================== Ubuntu Security Notice USN-820-1 August 20, 2009 pidgin vulnerability CVE-2009-2694 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: pidgin 1:2.4.1-1ubuntu2.6 Ubuntu 8.10: pidgin 1:2.5.2-0ubuntu1.4 Ubuntu 9.04: pidgin 1:2.5.5-1ubuntu8.4 After a standard system upgrade you need to restart Pidgin to effect the necessary changes. Details follow: Federico Muttis discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.6.diff.gz Size/MD5: 69507 5a156d0c5aae91c4518d86911159959c http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.6.dsc Size/MD5: 1539 1104a50f69066f066c7b8bf0a92ce9fe http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.4.1.orig.tar.gz Size/MD5: 13297380 25e3593d5e6bfc17911111475a057778 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.4.1-1ubuntu2.6_all.deb Size/MD5: 37842 ec50ba9bcce0dd5a810a777465c20074 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.4.1-1ubuntu2.6_all.deb Size/MD5: 92552 ef9f734ad6866526d51e6f407fdba966 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.4.1-1ubuntu2.6_all.deb Size/MD5: 234660 c4dfe36cdbefecb8bf441a8567a52108 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.4.1-1ubuntu2.6_all.deb Size/MD5: 1329166 d91a4934ea28ab1e64120e438525448e http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.4.1-1ubuntu2.6_all.deb Size/MD5: 72640 6b052c77f6dfb7b8e0bbffc8ecd1ab84 http://security.ubuntu.com/ubuntu/pool/universe/p/pidgin/gaim_2.4.1-1ubuntu2.6_all.deb Size/MD5: 86694 5a0eaf4be7a773d8a7ed686042a02e7d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.4.1-1ubuntu2.6_amd64.deb Size/MD5: 226878 53aacddff6bc8d1966f7a7b81432f592 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.4.1-1ubuntu2.6_amd64.deb Size/MD5: 1604958 9875aa3a72e74708ed0f94f575004814 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.4.1-1ubuntu2.6_amd64.deb Size/MD5: 4433000 30e0125a11a4c887d534849349a645c7 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.6_amd64.deb Size/MD5: 572086 5348b7a095d38250f3cd3c31c32e491d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.4.1-1ubuntu2.6_i386.deb Size/MD5: 200868 b153c8e53681be3fd3e3eb41fdb82c1d http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.4.1-1ubuntu2.6_i386.deb Size/MD5: 1365242 934661f4c2232b2d1826b64a1cc4f659 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.4.1-1ubuntu2.6_i386.deb Size/MD5: 4242684 c6e5f637467ff8f3dba27eb19fcf1da5 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.6_i386.deb Size/MD5: 517148 f76f50f194cb75c1a8f35bdd1a576704 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.4.1-1ubuntu2.6_lpia.deb Size/MD5: 197204 217c1b7f8b880f0e51cf48576c832d3d http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.4.1-1ubuntu2.6_lpia.deb Size/MD5: 1415524 cd7ed00e6a5b13263276525f8e903f86 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.4.1-1ubuntu2.6_lpia.deb Size/MD5: 4372818 60ef38a0d87eea5e5da43bfeaf3f442a http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.6_lpia.deb Size/MD5: 511658 8e064b636314cd8e6ce25ed0ac67b12c powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.4.1-1ubuntu2.6_powerpc.deb Size/MD5: 237196 517b05a34a8d51bbc566971d29d324aa http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.4.1-1ubuntu2.6_powerpc.deb Size/MD5: 1633794 df2f3495ac7574b822a29c588f5a8039 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.4.1-1ubuntu2.6_powerpc.deb Size/MD5: 4475988 cebbe3d44501c5aa2d2b01aae0994f71 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.6_powerpc.deb Size/MD5: 589664 458348c9b4fb1c2e83518c7c2a1c53f9 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.4.1-1ubuntu2.6_sparc.deb Size/MD5: 212842 f78bd158351aa2ca3343a4b6063ed174 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.4.1-1ubuntu2.6_sparc.deb Size/MD5: 1532072 f4dfba9cc441bdfaaa2fd37c524a3810 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.4.1-1ubuntu2.6_sparc.deb Size/MD5: 4364276 e864905da92a2241ba84d5255ce2fad9 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.4.1-1ubuntu2.6_sparc.deb Size/MD5: 545638 606651780f94920ef040d7743ea8bc5e Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.2-0ubuntu1.4.diff.gz Size/MD5: 61560 58944be4aa28de054908df79369620c2 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.2-0ubuntu1.4.dsc Size/MD5: 1995 5658c94d3bc24be6b83a9124900bb7a0 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.2.orig.tar.gz Size/MD5: 11642659 3ad83133a2381087cbdddf42ba5d6ecf Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.5.2-0ubuntu1.4_all.deb Size/MD5: 38224 cbd002bb11c2f248593ac61bad571401 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.5.2-0ubuntu1.4_all.deb Size/MD5: 95074 2838319e1abfc1b8a24b97079ceaf354 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.5.2-0ubuntu1.4_all.deb Size/MD5: 242534 c9a8326b0ce821c0d2b6794832b521d1 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.5.2-0ubuntu1.4_all.deb Size/MD5: 1107062 51ae15cbd685cb3744b7fc5434690363 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.5.2-0ubuntu1.4_all.deb Size/MD5: 1357218 c642982c4ff1dddbe103ba93a00a447c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.5.2-0ubuntu1.4_amd64.deb Size/MD5: 230064 3677b51d87081df77939ddc31684395c http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.5.2-0ubuntu1.4_amd64.deb Size/MD5: 1754926 6edd00a26a1a040e68cd2af319f7d233 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.5.2-0ubuntu1.4_amd64.deb Size/MD5: 4660668 9e2a3d93cac27c1fac9272694978a098 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.2-0ubuntu1.4_amd64.deb Size/MD5: 613972 a0afaa6578e710bcca694847becd6db2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.5.2-0ubuntu1.4_i386.deb Size/MD5: 204018 89c9e0700ec1d8641a9d77618b8fb580 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.5.2-0ubuntu1.4_i386.deb Size/MD5: 1503386 4cba742a8fcb81c157abf326da8e67b6 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.5.2-0ubuntu1.4_i386.deb Size/MD5: 4464550 af50a31b8cdc1b3e48d732ec7ed2730c http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.2-0ubuntu1.4_i386.deb Size/MD5: 559602 4f6ad7167e636c485ebbb29d1c14c9f9 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.2-0ubuntu1.4_lpia.deb Size/MD5: 200652 0eaa53bfcf1d9bb24e946ff8a8b7a28a http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5.2-0ubuntu1.4_lpia.deb Size/MD5: 1552332 f58dd6dd3aee3a742f2fec7ba89f5fc4 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5.2-0ubuntu1.4_lpia.deb Size/MD5: 4599368 8925851f4ea5e84099e933eb8c5fdd96 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.2-0ubuntu1.4_lpia.deb Size/MD5: 553780 e360880cb932c6de68ba7eb316278997 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.2-0ubuntu1.4_powerpc.deb Size/MD5: 235494 4ebe061587c4872395aaf64622cbd2db http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5.2-0ubuntu1.4_powerpc.deb Size/MD5: 1790572 c25454e4ced3fa17b3e802d814fb7e8d http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5.2-0ubuntu1.4_powerpc.deb Size/MD5: 4685030 a5783898cb1f912c3663b951c5e31af4 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.2-0ubuntu1.4_powerpc.deb Size/MD5: 619564 932a0246c9e18aa2b0cab3cb3a9e4594 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.2-0ubuntu1.4_sparc.deb Size/MD5: 217320 72184bf658167caeb2bc47452d09c8f2 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5.2-0ubuntu1.4_sparc.deb Size/MD5: 1682764 f9bffdef0fb16d3f496ab1627651ff21 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5.2-0ubuntu1.4_sparc.deb Size/MD5: 4586964 d8db6242a8babf124ff7e6934ca6efa9 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.2-0ubuntu1.4_sparc.deb Size/MD5: 590740 ea7404d3163fc59ec8c8261799cc475a Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.5-1ubuntu8.4.diff.gz Size/MD5: 132943 aa604b423d3e0da11231c0d7a83dcf0a http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.5-1ubuntu8.4.dsc Size/MD5: 1935 c608dd6c53dad7f0275a2ad1028564b9 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.5.orig.tar.gz Size/MD5: 11989031 08d9c0c8dd43dbcec6f67d8ba596029f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.5.5-1ubuntu8.4_all.deb Size/MD5: 38436 18056d63fcb05bb8b6d17154bcaeb84d http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.5.5-1ubuntu8.4_all.deb Size/MD5: 97634 9e8cabec7e1f7b905023db61e62d1c64 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.5.5-1ubuntu8.4_all.deb Size/MD5: 245702 27f6acf6074b062b54cbbd918adfccdb http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.5.5-1ubuntu8.4_all.deb Size/MD5: 1150970 245a7d841f315fd4f454cdf7db268805 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.5.5-1ubuntu8.4_all.deb Size/MD5: 1371390 bc67528e9b401778a6f9f1e6247000c4 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.5.5-1ubuntu8.4_amd64.deb Size/MD5: 235090 011807f7659fe732b5722381834bdd88 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.5.5-1ubuntu8.4_amd64.deb Size/MD5: 1769468 f713610c9cbc32c475e80ae7dab67ae2 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.5.5-1ubuntu8.4_amd64.deb Size/MD5: 5845104 a2a5285fa38617b275c3aa8b041e879b http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.5-1ubuntu8.4_amd64.deb Size/MD5: 567412 924a52c9061cb147ca4823d24dacd292 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.5.5-1ubuntu8.4_i386.deb Size/MD5: 213590 2d54ff14bf96e073cfee100633e6bcf8 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.5.5-1ubuntu8.4_i386.deb Size/MD5: 1552872 08b5cf06013b9a7ef1a572e69988698b http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.5.5-1ubuntu8.4_i386.deb Size/MD5: 5447526 75b0b2070a01d81c68418163c1533d0c http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.5.5-1ubuntu8.4_i386.deb Size/MD5: 519326 1a1788951a0f4994d562ef6b4aefc05c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.5-1ubuntu8.4_lpia.deb Size/MD5: 212134 4ba47ad65efe2d8ceff6e20142d60e78 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5.5-1ubuntu8.4_lpia.deb Size/MD5: 1613190 41aca1287556ec81e70ae632a7a1c9c7 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5.5-1ubuntu8.4_lpia.deb Size/MD5: 5594584 9139deba520a05fc2647a1f382333376 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.5-1ubuntu8.4_lpia.deb Size/MD5: 518514 c2d6cc567e03bca82bdecb693e5e3c57 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.5-1ubuntu8.4_powerpc.deb Size/MD5: 245164 9ad3bfad1253d55f9b2222eee47092a0 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5.5-1ubuntu8.4_powerpc.deb Size/MD5: 1825596 32e70c582368376d03f6cd929b47a711 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5.5-1ubuntu8.4_powerpc.deb Size/MD5: 5758858 3c515c7763d36dd644a2a0629d039104 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.5-1ubuntu8.4_powerpc.deb Size/MD5: 580976 a9068c763728014f85fa73274c42bac5
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/