Message-Id: <1250775159.12029.0.camel@mdlinux.technorage.com>
Date: Thu, 20 Aug 2009 09:32:39 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-820-1] Pidgin vulnerability

===========================================================
Ubuntu Security Notice USN-820-1            August 20, 2009
pidgin vulnerability
CVE-2009-2694
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  pidgin                          1:2.4.1-1ubuntu2.6

Ubuntu 8.10:
  pidgin                          1:2.5.2-0ubuntu1.4

Ubuntu 9.04:
  pidgin                          1:2.5.5-1ubuntu8.4

After a standard system upgrade you need to restart Pidgin to effect the
necessary changes.

Details follow:

Federico Muttis discovered that Pidgin did not properly handle certain
malformed messages in the MSN protocol handler. A remote attacker could
send a specially crafted message and possibly execute arbitrary code with
user privileges.


Updated packages for Ubuntu 8.04 LTS:

Updated packages for Ubuntu 8.10:

Updated packages for Ubuntu 9.04:
