lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1S8V3l-0007im-Gh@titan.mandriva.com>
Date: Fri, 16 Mar 2012 12:11:01 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2012:029 ] pidgin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:029
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : March 16, 2012
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in pidgin:
 
 The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin
 before 2.10.2 allows remote attackers to cause a denial of service
 (NULL pointer dereference and application crash) by changing a nickname
 while in an XMPP chat room (CVE-2011-4939).
 
 The msn_oim_report_to_user function in oim.c in the MSN protocol
 plugin in libpurple in Pidgin before 2.10.2 allows remote servers to
 cause a denial of service (application crash) via an OIM message that
 lacks UTF-8 encoding (CVE-2012-1178).
 
 This update provides pidgin 2.10.2, which is not vulnerable to
 these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4939
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1178
 http://www.pidgin.im/news/security/
 http://pidgin.im/news/security/?id=60
 http://pidgin.im/news/security/?id=61
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 d43d0101f88ab54df4721b49bbfcbd47  2011/i586/finch-2.10.2-0.1-mdv2011.0.i586.rpm
 0cb536b1fb989b8706240a58ca01eb1c  2011/i586/libfinch0-2.10.2-0.1-mdv2011.0.i586.rpm
 10a39a3b20735cebdd268e8c94c66811  2011/i586/libpurple0-2.10.2-0.1-mdv2011.0.i586.rpm
 046ac86afa986a1e7dd7bae15a2e03c0  2011/i586/libpurple-devel-2.10.2-0.1-mdv2011.0.i586.rpm
 382300ecec41008daa5d31a875795fc8  2011/i586/pidgin-2.10.2-0.1-mdv2011.0.i586.rpm
 950290cc8a4a0788458d92f457aaab1e  2011/i586/pidgin-bonjour-2.10.2-0.1-mdv2011.0.i586.rpm
 b1d60f79d998fcbdd3cc00e03658a1c1  2011/i586/pidgin-client-2.10.2-0.1-mdv2011.0.i586.rpm
 ecd78ce4555ae2d022523c87c55454a4  2011/i586/pidgin-gevolution-2.10.2-0.1-mdv2011.0.i586.rpm
 ccc331d78938f4cc7e648cc7459444e4  2011/i586/pidgin-i18n-2.10.2-0.1-mdv2011.0.i586.rpm
 da7eae1f1bf161b87ea30cb3811486a6  2011/i586/pidgin-meanwhile-2.10.2-0.1-mdv2011.0.i586.rpm
 068f7a6d905007052fc5b3b80cec7c2f  2011/i586/pidgin-perl-2.10.2-0.1-mdv2011.0.i586.rpm
 abe2d9f54fd720cc5fe0b814f0676d75  2011/i586/pidgin-plugins-2.10.2-0.1-mdv2011.0.i586.rpm
 2aaef5a16d0da257e615a5a43f5cecfe  2011/i586/pidgin-silc-2.10.2-0.1-mdv2011.0.i586.rpm
 72e4b2d2fdc011993bd85c58deaa75c7  2011/i586/pidgin-tcl-2.10.2-0.1-mdv2011.0.i586.rpm 
 fb74b14c9e4d5bc8d1e0713e0e91d788  2011/SRPMS/pidgin-2.10.2-0.1.src.rpm

 Mandriva Linux 2011/X86_64:
 9a4bf7e801d1a9cad6466e94b4be3fd0  2011/x86_64/finch-2.10.2-0.1-mdv2011.0.x86_64.rpm
 cc101bd802e81b630e18053a762ef57b  2011/x86_64/lib64finch0-2.10.2-0.1-mdv2011.0.x86_64.rpm
 753668f3396efa4269f01a31a72761bb  2011/x86_64/lib64purple0-2.10.2-0.1-mdv2011.0.x86_64.rpm
 54c16e684f7e237973bc8a4a75671997  2011/x86_64/lib64purple-devel-2.10.2-0.1-mdv2011.0.x86_64.rpm
 c67c0bdd52aa429529f8911ac84f60d3  2011/x86_64/pidgin-2.10.2-0.1-mdv2011.0.x86_64.rpm
 ee7d7717c71119cce8f3bba710a15406  2011/x86_64/pidgin-bonjour-2.10.2-0.1-mdv2011.0.x86_64.rpm
 7f84358dabcc9578beabe1d9a2d8c6d9  2011/x86_64/pidgin-client-2.10.2-0.1-mdv2011.0.x86_64.rpm
 b3f464a55d023e09101faa975aa279f6  2011/x86_64/pidgin-gevolution-2.10.2-0.1-mdv2011.0.x86_64.rpm
 ca70e67fc54f0abb959b7e5b32a17ae5  2011/x86_64/pidgin-i18n-2.10.2-0.1-mdv2011.0.x86_64.rpm
 3ec278a284fa7e9e8c108dde9237c84a  2011/x86_64/pidgin-meanwhile-2.10.2-0.1-mdv2011.0.x86_64.rpm
 2160d440723ccd0146fdf73d080d9487  2011/x86_64/pidgin-perl-2.10.2-0.1-mdv2011.0.x86_64.rpm
 0da3d45908d0ff4f56d9257603a9b05d  2011/x86_64/pidgin-plugins-2.10.2-0.1-mdv2011.0.x86_64.rpm
 11461747aed93ec09971c3aaddc2a1dc  2011/x86_64/pidgin-silc-2.10.2-0.1-mdv2011.0.x86_64.rpm
 4f0f6e4a042ba2de61d36f0b7a5e6ee8  2011/x86_64/pidgin-tcl-2.10.2-0.1-mdv2011.0.x86_64.rpm 
 fb74b14c9e4d5bc8d1e0713e0e91d788  2011/SRPMS/pidgin-2.10.2-0.1.src.rpm

 Mandriva Enterprise Server 5:
 98176bf2dc43db51bda56e352a932a31  mes5/i586/finch-2.10.2-0.1mdvmes5.2.i586.rpm
 3a3968095ec2913ae4804e402185973e  mes5/i586/libfinch0-2.10.2-0.1mdvmes5.2.i586.rpm
 afde08c26b239b655ca572e36e130225  mes5/i586/libpurple0-2.10.2-0.1mdvmes5.2.i586.rpm
 e1962de89b05b7030980b67eb8468112  mes5/i586/libpurple-devel-2.10.2-0.1mdvmes5.2.i586.rpm
 b86d63e64d1e7f6088f814e7ed7f750b  mes5/i586/pidgin-2.10.2-0.1mdvmes5.2.i586.rpm
 71858e3b063eb3069fb1f26b57842572  mes5/i586/pidgin-bonjour-2.10.2-0.1mdvmes5.2.i586.rpm
 9adf07b928e291b16009cd20a2948dca  mes5/i586/pidgin-client-2.10.2-0.1mdvmes5.2.i586.rpm
 c3f899d615f11a811da7b42e313b5727  mes5/i586/pidgin-gevolution-2.10.2-0.1mdvmes5.2.i586.rpm
 6d7840859c24f27bf365afd9985c248c  mes5/i586/pidgin-i18n-2.10.2-0.1mdvmes5.2.i586.rpm
 fcab90775cd1e9502f859503820838ff  mes5/i586/pidgin-meanwhile-2.10.2-0.1mdvmes5.2.i586.rpm
 c22fd1876ba641fa62c6f9b45cb5a761  mes5/i586/pidgin-perl-2.10.2-0.1mdvmes5.2.i586.rpm
 e6e5fd2457eaf4761caf82520a6b97e2  mes5/i586/pidgin-plugins-2.10.2-0.1mdvmes5.2.i586.rpm
 cac016b838884059b56d96b221e019f1  mes5/i586/pidgin-silc-2.10.2-0.1mdvmes5.2.i586.rpm
 1c7900f6d723b5f7dbf3043dc72fc06b  mes5/i586/pidgin-tcl-2.10.2-0.1mdvmes5.2.i586.rpm 
 5d7d088675ef2278ecd8abaecce60ea2  mes5/SRPMS/pidgin-2.10.2-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 386eea89cf9212b8c39bf7c35f17aba4  mes5/x86_64/finch-2.10.2-0.1mdvmes5.2.x86_64.rpm
 72a3e88110705a28bfdaa2a983ffda93  mes5/x86_64/lib64finch0-2.10.2-0.1mdvmes5.2.x86_64.rpm
 a80684b67e6873757895b8f19ffd0b58  mes5/x86_64/lib64purple0-2.10.2-0.1mdvmes5.2.x86_64.rpm
 df45736b7a7f6874545ac0e21c8ab654  mes5/x86_64/lib64purple-devel-2.10.2-0.1mdvmes5.2.x86_64.rpm
 48c2332c458fc7eb09c09e3b9aa489fa  mes5/x86_64/pidgin-2.10.2-0.1mdvmes5.2.x86_64.rpm
 55f50f19e45c40201221c4fc974a1bcc  mes5/x86_64/pidgin-bonjour-2.10.2-0.1mdvmes5.2.x86_64.rpm
 a2ef0a13cdf19b49bfb255128618c451  mes5/x86_64/pidgin-client-2.10.2-0.1mdvmes5.2.x86_64.rpm
 81938c1e9ded10b9529f2bfc481bfa3c  mes5/x86_64/pidgin-gevolution-2.10.2-0.1mdvmes5.2.x86_64.rpm
 bbce183143e426c03a91e58e49880c24  mes5/x86_64/pidgin-i18n-2.10.2-0.1mdvmes5.2.x86_64.rpm
 0899857f03f5ea37a27f55d8cf5dcc05  mes5/x86_64/pidgin-meanwhile-2.10.2-0.1mdvmes5.2.x86_64.rpm
 962492864ecd5dd982761ce511de10aa  mes5/x86_64/pidgin-perl-2.10.2-0.1mdvmes5.2.x86_64.rpm
 47d1c889595cb334cf4259c909c04c66  mes5/x86_64/pidgin-plugins-2.10.2-0.1mdvmes5.2.x86_64.rpm
 f47e860c64fa593d1e2ee45631b36e04  mes5/x86_64/pidgin-silc-2.10.2-0.1mdvmes5.2.x86_64.rpm
 cd28db4b2d38e3ccc760572b3cb5fcb3  mes5/x86_64/pidgin-tcl-2.10.2-0.1mdvmes5.2.x86_64.rpm 
 5d7d088675ef2278ecd8abaecce60ea2  mes5/SRPMS/pidgin-2.10.2-0.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPYvMjmqjQ0CJFipgRAvgOAJ0XpDNHUxenK3wPbl1HnGsbboIS1ACgyTMA
+23QTOHoHQuUnBhtXSsUYCg=
=HVjt
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ