[Full-disclosure] [ MDVSA-2010:041 ] pidgin
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2010:041 ] pidgin
- From: security@xxxxxxxxxxxx
- Date: Thu, 18 Feb 2010 15:45:00 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:041
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pidgin
Date : February 18, 2010
Affected: 2008.0, 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:

Multiple security vulnerabilities have been identified and fixed
in pidgin:

Certain malformed SLP messages can trigger a crash because the MSN
protocol plugin fails to check that all pieces of the message are
set correctly (CVE-2010-0277).

If a user in a multi-user chat room has a nickname containing '<br>'
then libpurple ends up having two users with username ' ' in the room,
and Finch crashes in this situation. We do not believe there is a
possibility of remote code execution (CVE-2010-0420).

oCERT notified us about a problem in Pidgin, where a large amount of
processing time will be used when inserting many smileys into an IM
or chat window. This should not cause a crash, but Pidgin can become
unusably slow (CVE-2010-0423).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

This update provides pidgin 2.6.6, which is not vulnerable to these
issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423
http://pidgin.im/news/security/
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
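
As an added example (not part of the Mandriva advisory): a manual version of the MD5 check that urpmi performs automatically, for packages fetched by hand. It assumes the advisory's listing format of an MD5 sum followed by a repository path, sometimes wrapped onto two lines; the function names and the files created in `demo()` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MD5_RE = re.compile(r"[0-9a-f]{32}")

def parse_listing(text):
    """Return {path: md5}; an entry may be 'md5 path' or wrapped as md5 / path."""
    entries, pending = {}, None
    for tok in text.split():  # splitting on any whitespace undoes the wrapping
        if pending and tok.endswith(".rpm"):
            entries[tok] = pending
        pending = tok if MD5_RE.fullmatch(tok) else None  # other words reset state
    return entries

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):  # stream large RPMs
            h.update(block)
    return h.hexdigest()

def verify(listing_text, root):
    """Map each listed path to 'ok', 'mismatch' or 'missing' under root."""
    results = {}
    for rel, expected in parse_listing(listing_text).items():
        local = Path(root) / rel
        if not local.is_file():
            results[rel] = "missing"
        else:
            results[rel] = "ok" if md5_of(local) == expected else "mismatch"
    return results

def demo():
    """Constructed sample: one intact file, one changed after listing, one absent."""
    names = ["demo/i586/good-1.0.i586.rpm", "demo/i586/altered-1.0.i586.rpm"]
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            (Path(root) / n).parent.mkdir(parents=True, exist_ok=True)
            (Path(root) / n).write_bytes(n.encode())
        good, altered = (md5_of(Path(root) / n) for n in names)
        listing = (f"Demo Release 1.0:\n{good} {names[0]}\n{altered}\n{names[1]}\n"
                   f"{'0' * 32}\ndemo/SRPMS/absent-1.0.src.rpm\n")
        (Path(root) / names[1]).write_bytes(b"modified after listing")
        return verify(listing, root)

if __name__ == "__main__":
    print(demo())
```

A matching MD5 only shows that the file is the one the listing names; whether the package really comes from Mandriva rests on the GPG signature check against the key above.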
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLfSUHmqjQ0CJFipgRAttGAKCxQbsdGtNK2rs9RMbLQmhz2UM69wCg32zV
vL0qCU2xlQDncxOIar1eKrI=
=vJpo
-----END PGP SIGNATURE-----