lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 18 Apr 2010 17:47:22 +0200 (CEST)
From: Thijs Kinkhorst <>
Subject: [SECURITY] [DSA 2038-1] New pidgin packages fix denial of service

Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2038-1                                  Thijs Kinkhorst
April 18, 2010              
- ------------------------------------------------------------------------

Package        : pidgin
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2010-0420 CVE-2010-0423
Debian Bug     : 566775

Several remote vulnerabilities have been discovered in Pidgin, a multi
protocol instant messaging client. The Common Vulnerabilities and
Exposures project identifies the following problems:


	Crafted nicknames in the XMPP protocol can crash Pidgin remotely.


	Remote contacts may send too many custom smilies, crashing Pidgin.

Since a few months, Microsoft's servers for MSN have changed the protocol,
making Pidgin non-functional for use with MSN. It is not feasible to port
these changes to the version of Pidgin in Debian Lenny. This update
formalises that situation by disabling the protocol in the client. Users
of the MSN protocol are advised to use the version of Pidgin in the
repositories of

For the stable distribution (lenny), these problems have been fixed in
version 2.4.3-4lenny6.

For the unstable distribution (sid), these problems have been fixed in
version 2.6.6-1.

We recommend that you upgrade your pidgin package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:
    Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427
    Size/MD5 checksum:     1784 f640f8119ef901c7be009232c6dfee05
    Size/MD5 checksum:    72144 85217de41bcd069748eb441886cdfab9

Architecture independent packages:
    Size/MD5 checksum:  7019074 1c79c0da4c115e2699d577b957c4e541
    Size/MD5 checksum:   159726 c657bace836fb1d4f3c04c57bdcd7e19
    Size/MD5 checksum:   133894 49e2b54dcad5a2b40705478118da2d72
    Size/MD5 checksum:   277220 9517eadf780382575efcd57ba9dc308b
    Size/MD5 checksum:   193802 b05666d23964d0d28646dc49a85de940

alpha architecture (DEC Alpha)
    Size/MD5 checksum:  1477324 c6c9e6753f98159748b9e0116bb40df3
    Size/MD5 checksum:   776550 1334935aee6756fdc1b6e1702cabe0b3
    Size/MD5 checksum:   369734 f54c236b4aa7e94d33da983f042bd82b
    Size/MD5 checksum:  4952616 ac34a66c4b19a7dd23b1fa0240c07f97

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   727918 e6447c0efc4f5c490bc806f00840b075
    Size/MD5 checksum:  1406192 68711767e43c6a0722b8b4d5ed59843a
    Size/MD5 checksum:  5067988 c430e8ff4e8b13830c71da4f6948a4f6
    Size/MD5 checksum:   348062 042092eae5df409b1b39ae96a6a5b856

arm architecture (ARM)
    Size/MD5 checksum:  1217972 2b2879660723d31097c9a535e14c177d
    Size/MD5 checksum:   657362 27313370246e22f31b6439981062dda7
    Size/MD5 checksum:   316578 36a170a849ca166bcfe9b457f85b9cdb
    Size/MD5 checksum:  4799502 e4689175bb1d17cb942ed50c7d091315

armel architecture (ARM EABI)
    Size/MD5 checksum:   668088 714b556255126c810659f203ffb93db1
    Size/MD5 checksum:  1221012 bbcb58abd9f04c1ba2df16bfce74e29c
    Size/MD5 checksum:   319790 b7c9ae4c8cfe107744523c44926375a4
    Size/MD5 checksum:  4821838 ca27cf7101ca23de2ab36cd0c21360d0

hppa architecture (HP PA RISC)
    Size/MD5 checksum:  1495046 d445e1cb5e3500fc9970b1099ba14227
    Size/MD5 checksum:   754250 64d22a1f7c7b9c920360f325749ab0fe
    Size/MD5 checksum:   361568 d77edf95828aec4d0347f548e0b0a108
    Size/MD5 checksum:  4906668 1208501055cffef75023543a72c956ce

i386 architecture (Intel ia32)
    Size/MD5 checksum:  4809696 f6df7ed8178ad450886c4d19284e1c04
    Size/MD5 checksum:   326412 fb3dff6c0627b67e9710630906c770a9
    Size/MD5 checksum:  1290792 b0eaca04079ad13798d350ec18ad41b5
    Size/MD5 checksum:   679712 d946170d5d259c120f909285c48294fb

ia64 architecture (Intel ia64)
    Size/MD5 checksum:  4669414 5273183a49a9b6e334963816871d6ce0
    Size/MD5 checksum:   434978 e4750a60b59c31a868dd0ebda33c96f2
    Size/MD5 checksum:   948754 2b9ce7e253458ce9f7511ba26ece0b90
    Size/MD5 checksum:  1789606 a2e654bacaaaef9fece43aaa2e33b420

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   654450 edbc24d8f35a894a3d301a751d2d8977
    Size/MD5 checksum:  1096044 d88283ec19ea5d867e7d28325744d8fb
    Size/MD5 checksum:   318672 ed52e8ecafb8e410eab3194914b4014d
    Size/MD5 checksum:  5054324 9ddbd413029130c610512f25aa230553

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:   651410 89e26238fc91f1f75376d29a009cd751
    Size/MD5 checksum:   318572 4992c5f4f4bce500db6b3792295ad0c2
    Size/MD5 checksum:  4963322 2d397b0c64352a1a1e94534c0d0cf4de
    Size/MD5 checksum:  1086788 afb54d1620a692cb6273dbb9e3a67908

powerpc architecture (PowerPC)
    Size/MD5 checksum:  5014910 acaaacb4532ae1176e628b23aaae74fe
    Size/MD5 checksum:   362722 2824883e0fb35a6b758d89188d0be39d
    Size/MD5 checksum:   755056 890358f5bc3215a5ab59609d8bd0c1d1
    Size/MD5 checksum:  1445264 d5961438dc2a8c4798e815009792fab5

s390 architecture (IBM S/390)
    Size/MD5 checksum:  1326506 9a6b8060e2710587d17477c4b976922a
    Size/MD5 checksum:   717976 970f51fbc28082cc53af9ddc1bb183c1
    Size/MD5 checksum:   359214 3eca65b1913b2db015f7d5c75157e5c6
    Size/MD5 checksum:  4977082 e7bfcd7d662c5c41d860baabddac9c37

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:  1302702 f550e43bfd0aa9bf89d6768eb2bf3966
    Size/MD5 checksum:   329408 54fdcf6f005a936007201e8ef5a49e4c
    Size/MD5 checksum:  4611594 b6124b51dd98dba2e1194295fc46002e
    Size/MD5 checksum:   683284 f744d4b6e674fff37a0e00c1656db64e

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>
Version: GnuPG v1.4.10 (GNU/Linux)


Powered by blists - more mailing lists