| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Jul 2012 18:23:00 +0200 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2012:105 ] pidgin -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:105 http://www.mandriva.com/security/ _______________________________________________________________________ Package : pidgin Date : July 12, 2012 Affected: 2011., Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been discovered and corrected in pidgin: Incorrect handing of inline images in incoming instant messages can cause a buffer overflow and in some cases can be exploited to execute arbitrary code (CVE-2012-3374). This update provides pidgin 2.10.6, which is not vulnerable to this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3374 http://www.pidgin.im/news/security/ http://pidgin.im/news/security/?id=64 _______________________________________________________________________ Updated Packages: Mandriva Linux 2011: f7e80d172c6ff75bef0a079589f17a1b 2011/i586/finch-2.10.6-0.1-mdv2011.0.i586.rpm 9c75f2f1b17effeaaaf710463875a473 2011/i586/libfinch0-2.10.6-0.1-mdv2011.0.i586.rpm d4db21d9df134c4f11b08707b77707e1 2011/i586/libpurple0-2.10.6-0.1-mdv2011.0.i586.rpm a889ba0e001bee7af11f6009e3562215 2011/i586/libpurple-devel-2.10.6-0.1-mdv2011.0.i586.rpm 2b72382164f8fd402f0b460c82c56959 2011/i586/pidgin-2.10.6-0.1-mdv2011.0.i586.rpm 759ae3b3f5929db50d9aef394d949605 2011/i586/pidgin-bonjour-2.10.6-0.1-mdv2011.0.i586.rpm 54296635ba1a6177f5b41763cbe60a71 2011/i586/pidgin-client-2.10.6-0.1-mdv2011.0.i586.rpm a9da5bc76e3386b7fd523e3399b76913 2011/i586/pidgin-gevolution-2.10.6-0.1-mdv2011.0.i586.rpm 8b2b02aa62ff5263847946efb42c7b35 2011/i586/pidgin-i18n-2.10.6-0.1-mdv2011.0.i586.rpm 86c69bb304cebd8b68a5c4f72c910ac7 2011/i586/pidgin-meanwhile-2.10.6-0.1-mdv2011.0.i586.rpm 423b5de6a52df201b49bad1084abe911 2011/i586/pidgin-perl-2.10.6-0.1-mdv2011.0.i586.rpm 74c109b3d3656734e8faf4601aadba38 2011/i586/pidgin-plugins-2.10.6-0.1-mdv2011.0.i586.rpm f441239c240d79e4ef35af71f215257a 2011/i586/pidgin-silc-2.10.6-0.1-mdv2011.0.i586.rpm 46739077bff4833ad182dc40795aadff 2011/i586/pidgin-tcl-2.10.6-0.1-mdv2011.0.i586.rpm e8a07df63c3f2a450a4b45eb95cb9fd4 2011/SRPMS/pidgin-2.10.6-0.1.src.rpm Mandriva Linux 2011/X86_64: 2d9874e00deb28593b98a4b63a11fc95 2011/x86_64/finch-2.10.6-0.1-mdv2011.0.x86_64.rpm fe7d3656599ec27b78c31be4dfb68441 2011/x86_64/lib64finch0-2.10.6-0.1-mdv2011.0.x86_64.rpm b7a208f00fe6b2e53f9bd2c12522c24c 2011/x86_64/lib64purple0-2.10.6-0.1-mdv2011.0.x86_64.rpm 66025c20289c6b2217319dda95a198e9 2011/x86_64/lib64purple-devel-2.10.6-0.1-mdv2011.0.x86_64.rpm cfff0a1ede9098cf357118b10b92f2d0 2011/x86_64/pidgin-2.10.6-0.1-mdv2011.0.x86_64.rpm 88af560635a40fcd409b3220b954e310 2011/x86_64/pidgin-bonjour-2.10.6-0.1-mdv2011.0.x86_64.rpm 6a9f611ae694f7694548f6f0c9ff50c6 2011/x86_64/pidgin-client-2.10.6-0.1-mdv2011.0.x86_64.rpm 7d40804aed23ddb0e5cd97c9e49f1c9e 2011/x86_64/pidgin-gevolution-2.10.6-0.1-mdv2011.0.x86_64.rpm 36987a95485088a304c6eb690dd0ff9e 2011/x86_64/pidgin-i18n-2.10.6-0.1-mdv2011.0.x86_64.rpm bb8008b19912728181c2f38750ccc3dd 2011/x86_64/pidgin-meanwhile-2.10.6-0.1-mdv2011.0.x86_64.rpm b5810dfdc498eb7c04745b15570796a0 2011/x86_64/pidgin-perl-2.10.6-0.1-mdv2011.0.x86_64.rpm accbd9be402022dff0b5a06bdd5728c1 2011/x86_64/pidgin-plugins-2.10.6-0.1-mdv2011.0.x86_64.rpm 7e32481fb83772a7db9258cb93bc9054 2011/x86_64/pidgin-silc-2.10.6-0.1-mdv2011.0.x86_64.rpm 610c85d510ed29a36b87789628614c84 2011/x86_64/pidgin-tcl-2.10.6-0.1-mdv2011.0.x86_64.rpm e8a07df63c3f2a450a4b45eb95cb9fd4 2011/SRPMS/pidgin-2.10.6-0.1.src.rpm Mandriva Enterprise Server 5: c196053127a5d88a98d3fa631bfcc256 mes5/i586/finch-2.10.6-0.1mdvmes5.2.i586.rpm 2453d8f1af8aa146d464337614ae0977 mes5/i586/libfinch0-2.10.6-0.1mdvmes5.2.i586.rpm b16a875e4ae467a4930b9e3bd3789317 mes5/i586/libpurple0-2.10.6-0.1mdvmes5.2.i586.rpm d6a3ed842d2f37d9bbdb166935b61802 mes5/i586/libpurple-devel-2.10.6-0.1mdvmes5.2.i586.rpm 35f1e22da342cfed18b827a0c7434f38 mes5/i586/pidgin-2.10.6-0.1mdvmes5.2.i586.rpm bb71bb14fc009fb8246f8bd6bbd93491 mes5/i586/pidgin-bonjour-2.10.6-0.1mdvmes5.2.i586.rpm ff038b482916d9496c39c3c9ff1dc5f3 mes5/i586/pidgin-client-2.10.6-0.1mdvmes5.2.i586.rpm 3e4740561caaa1d3d3daac49b4f5a4fb mes5/i586/pidgin-gevolution-2.10.6-0.1mdvmes5.2.i586.rpm 3aed37790a68c8e7d4f7390751254f0a mes5/i586/pidgin-i18n-2.10.6-0.1mdvmes5.2.i586.rpm 3cb0495fdf8b600fdaf662d11b5ce0a8 mes5/i586/pidgin-meanwhile-2.10.6-0.1mdvmes5.2.i586.rpm 4def3f67bb7c153fd4f3053d129f7676 mes5/i586/pidgin-perl-2.10.6-0.1mdvmes5.2.i586.rpm bf772b21bb3bfd378beba9418104c9d7 mes5/i586/pidgin-plugins-2.10.6-0.1mdvmes5.2.i586.rpm 62a87b9117c03ff5163e5e6adbd06a65 mes5/i586/pidgin-silc-2.10.6-0.1mdvmes5.2.i586.rpm 6c1d1a4e7eddaf5fa70883cc37807c22 mes5/i586/pidgin-tcl-2.10.6-0.1mdvmes5.2.i586.rpm a4137ed972c18c6345b772c4adf0ac77 mes5/SRPMS/pidgin-2.10.6-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 458a2546e5857aa5d332edc97de703c1 mes5/x86_64/finch-2.10.6-0.1mdvmes5.2.x86_64.rpm 757f2a910addcfd1c4cdc600c1516921 mes5/x86_64/lib64finch0-2.10.6-0.1mdvmes5.2.x86_64.rpm 3606e6640904682fce39b5fa27325b72 mes5/x86_64/lib64purple0-2.10.6-0.1mdvmes5.2.x86_64.rpm 5d32abf19c6064d9df5a4703d1eb9762 mes5/x86_64/lib64purple-devel-2.10.6-0.1mdvmes5.2.x86_64.rpm 3131b75bdc3af6b33008bed94641784e mes5/x86_64/pidgin-2.10.6-0.1mdvmes5.2.x86_64.rpm 23572b084883487d9a273df77b38485b mes5/x86_64/pidgin-bonjour-2.10.6-0.1mdvmes5.2.x86_64.rpm c1bdb0a73a5326122380a6d0e9acba88 mes5/x86_64/pidgin-client-2.10.6-0.1mdvmes5.2.x86_64.rpm 132314113d06f073c0683d4c97657959 mes5/x86_64/pidgin-gevolution-2.10.6-0.1mdvmes5.2.x86_64.rpm 5b35a7b1173c6cda450fb9f0c4bc2cd3 mes5/x86_64/pidgin-i18n-2.10.6-0.1mdvmes5.2.x86_64.rpm 75a5d162bebc87b9b7c60a7100de4ea1 mes5/x86_64/pidgin-meanwhile-2.10.6-0.1mdvmes5.2.x86_64.rpm 773dea78ac849a0cfea52c21f104f5bc mes5/x86_64/pidgin-perl-2.10.6-0.1mdvmes5.2.x86_64.rpm 223cf7a77f11f00be346cb4e5d9017fc mes5/x86_64/pidgin-plugins-2.10.6-0.1mdvmes5.2.x86_64.rpm ecb7c1f5fed5b00214dbc28f9b8ac187 mes5/x86_64/pidgin-silc-2.10.6-0.1mdvmes5.2.x86_64.rpm b19c8fb427ad2ea9eceb0bf902a85a35 mes5/x86_64/pidgin-tcl-2.10.6-0.1mdvmes5.2.x86_64.rpm a4137ed972c18c6345b772c4adf0ac77 mes5/SRPMS/pidgin-2.10.6-0.1mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFP/s0RmqjQ0CJFipgRAkwQAKDWrB043Mil6ss0kz5zQw+6zhJojwCgpiyi CzwtQSPDkmLinBR5FO7/WK8= =F21j -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists