Message-Id: <E1NHMqr-0008QR-3V@titan.mandriva.com>
Date: Sun, 06 Dec 2009 20:33:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:321 ] pidgin


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:321
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : December 6, 2009
 Affected: 2008.0
 _______________________________________________________________________

 Problem Description:

 Security vulnerabilities have been identified and fixed in pidgin:
 
 The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL
 certificates, which makes it easier for remote attackers to trick
 a user into accepting an invalid server certificate for a spoofed
 service. (CVE-2008-3532)
 
 Pidgin 2.4.1 allows remote attackers to cause a denial of service
 (crash) via a long filename that contains certain characters, as
 demonstrated using an MSN message that triggers the crash in the
 msn_slplink_process_msg function. (CVE-2008-2955)
 
 The UPnP functionality in Pidgin 2.0.0, and possibly other versions,
 allows remote attackers to trigger the download of arbitrary files
 and cause a denial of service (memory or disk consumption) via a UDP
 packet that specifies an arbitrary URL. (CVE-2008-2957)
 
 Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin
 (formerly Gaim) before 2.5.6 allows remote authenticated users to
 execute arbitrary code via vectors involving an outbound XMPP file
 transfer. NOTE: some of these details are obtained from third party
 information (CVE-2009-1373).
 
 Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim)
 before 2.5.6 allows remote attackers to cause a denial of service
 (application crash) via a QQ packet (CVE-2009-1374).
 
 The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before
 2.5.6 does not properly maintain a certain buffer, which allows
 remote attackers to cause a denial of service (memory corruption
 and application crash) via vectors involving the (1) XMPP or (2)
 Sametime protocol (CVE-2009-1375).
 
 Multiple integer overflows in the msn_slplink_process_msg functions in
 the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and
 (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim)
 before 2.5.6 on 32-bit platforms allow remote attackers to execute
 arbitrary code via a malformed SLP message with a crafted offset
 value, leading to buffer overflows. NOTE: this issue exists because
 of an incomplete fix for CVE-2008-2927 (CVE-2009-1376).
 
 The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets
 the ICQWebMessage message type as the ICQSMS message type, which
 allows remote attackers to cause a denial of service (application
 crash) via a crafted ICQ web message that triggers allocation of a
 large amount of memory (CVE-2009-1889).
 
 The msn_slplink_process_msg function in
 libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin
 (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows
 remote attackers to execute arbitrary code or cause a denial of service
 (memory corruption and application crash) by sending multiple crafted
 SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary
 memory location.  NOTE: this issue reportedly exists because of an
 incomplete fix for CVE-2009-1376 (CVE-2009-2694).
 
 Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers
 to cause a denial of service (crash) via a link in a Yahoo IM
 (CVE-2009-3025).
 
 protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly
 other versions, does not follow the "require TLS/SSL" preference
 when connecting to older Jabber servers that do not follow the XMPP
 specification, which causes libpurple to connect to the server without
 the expected encryption and allows remote attackers to sniff sessions
 (CVE-2009-3026).
 
 libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple
 in Pidgin before 2.6.2 allows remote IRC servers to cause a denial
 of service (NULL pointer dereference and application crash) via a
 TOPIC message that lacks a topic string (CVE-2009-2703).
 
 The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the
 MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote
 attackers to cause a denial of service (NULL pointer dereference
 and application crash) via an SLP invite message that lacks certain
 required fields, as demonstrated by a malformed message from a KMess
 client (CVE-2009-3083).
 
 The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c
 in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in
 Pidgin before 2.6.2, allows remote attackers to cause a denial of
 service (application crash) via a handwritten (aka Ink) message,
 related to an uninitialized variable and the incorrect UTF16-LE
 charset name (CVE-2009-3084).
 
 The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does
 not properly handle an error IQ stanza during an attempted fetch of
 a custom smiley, which allows remote attackers to cause a denial of
 service (application crash) via XHTML-IM content with cid: images
 (CVE-2009-3085).
 
 This update provides pidgin 2.6.2, which is not vulnerable to these
 issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2955
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2957
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3532
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1373
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1374
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1375
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1889
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2703
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3025
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3026
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3083
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3084
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3085
 http://pidgin.im/news/security/
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 e689b143ca593c49c1954a42f351dec1  2008.0/i586/finch-2.6.2-0.1mdv2008.0.i586.rpm
 3d5f88bb7cd0b3e5596e02760c182169  2008.0/i586/libfinch0-2.6.2-0.1mdv2008.0.i586.rpm
 8e55d77f7cb8c6907739a38b49e9b2a4  2008.0/i586/libpurple0-2.6.2-0.1mdv2008.0.i586.rpm
 d2419f4c7ae2e8f3b7ef0d971db1aa9e  2008.0/i586/libpurple-devel-2.6.2-0.1mdv2008.0.i586.rpm
 1f0b2327e8d8585e1628e95fb95b8f1f  2008.0/i586/pidgin-2.6.2-0.1mdv2008.0.i586.rpm
 f5d4a2f7ee6257de2051419a2ef74170  2008.0/i586/pidgin-bonjour-2.6.2-0.1mdv2008.0.i586.rpm
 7685fcc80fbd3fabe86ce3d5f05b5cdb  2008.0/i586/pidgin-client-2.6.2-0.1mdv2008.0.i586.rpm
 e8b7bcc521d6300673a242866938b002  2008.0/i586/pidgin-gevolution-2.6.2-0.1mdv2008.0.i586.rpm
 e2c88e96a1c0cee77fc70508ccd2c70b  2008.0/i586/pidgin-i18n-2.6.2-0.1mdv2008.0.i586.rpm
 c30173a970503943343566d4f2cf301e  2008.0/i586/pidgin-meanwhile-2.6.2-0.1mdv2008.0.i586.rpm
 baeb7aa1acbaead9894b91a0aecc08de  2008.0/i586/pidgin-mono-2.6.2-0.1mdv2008.0.i586.rpm
 b25cf481dccfa9ca7d80fb1467d2660e  2008.0/i586/pidgin-perl-2.6.2-0.1mdv2008.0.i586.rpm
 dd7cf20fc74574228f31041d35e1ab66  2008.0/i586/pidgin-plugins-2.6.2-0.1mdv2008.0.i586.rpm
 b767e2f9176a5d019e33f4b5c67d70c8  2008.0/i586/pidgin-silc-2.6.2-0.1mdv2008.0.i586.rpm
 73f3f1b07a4fec717156bdd570c08218  2008.0/i586/pidgin-tcl-2.6.2-0.1mdv2008.0.i586.rpm 
 31343284647509cf77b6a238ae71573f  2008.0/SRPMS/pidgin-2.6.2-0.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 1466474428fcfbe6c9cc915230644c81  2008.0/x86_64/finch-2.6.2-0.1mdv2008.0.x86_64.rpm
 9e5dcbf4a1c6fef3c2b2a18959af98bf  2008.0/x86_64/lib64finch0-2.6.2-0.1mdv2008.0.x86_64.rpm
 bce8e0800fb41de6384a1e71b6777d3a  2008.0/x86_64/lib64purple0-2.6.2-0.1mdv2008.0.x86_64.rpm
 fe365356c28c3f4e9f1581f2e34d6c4a  2008.0/x86_64/lib64purple-devel-2.6.2-0.1mdv2008.0.x86_64.rpm
 41023f5c93b3984fb02838f153f80d27  2008.0/x86_64/pidgin-2.6.2-0.1mdv2008.0.x86_64.rpm
 40b4fa6b0e304dbe08b8088c2b601c2d  2008.0/x86_64/pidgin-bonjour-2.6.2-0.1mdv2008.0.x86_64.rpm
 dfa9b041ebac164400edc4ce77a9055b  2008.0/x86_64/pidgin-client-2.6.2-0.1mdv2008.0.x86_64.rpm
 33a1243f7481cdde117ab1c5e77933e4  2008.0/x86_64/pidgin-gevolution-2.6.2-0.1mdv2008.0.x86_64.rpm
 baf2e28e00335329637224b34f3b10f2  2008.0/x86_64/pidgin-i18n-2.6.2-0.1mdv2008.0.x86_64.rpm
 fbec0ef4148efcc7903841acb4262a7d  2008.0/x86_64/pidgin-meanwhile-2.6.2-0.1mdv2008.0.x86_64.rpm
 007d6ceb35a1876146d6a080d701e2cc  2008.0/x86_64/pidgin-mono-2.6.2-0.1mdv2008.0.x86_64.rpm
 daa1bb586b4f8af231f3fbbedbdc67cb  2008.0/x86_64/pidgin-perl-2.6.2-0.1mdv2008.0.x86_64.rpm
 a17b42e7d8909f64849aa2dbfddff5b3  2008.0/x86_64/pidgin-plugins-2.6.2-0.1mdv2008.0.x86_64.rpm
 b71b668bfda4e72efa4046faadeb6514  2008.0/x86_64/pidgin-silc-2.6.2-0.1mdv2008.0.x86_64.rpm
 92fa40d38b6c7db8217deb2465c33eb9  2008.0/x86_64/pidgin-tcl-2.6.2-0.1mdv2008.0.x86_64.rpm 
 31343284647509cf77b6a238ae71573f  2008.0/SRPMS/pidgin-2.6.2-0.1mdv2008.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLG9uPmqjQ0CJFipgRAsjpAKCWZGoH1uv7zx1DI3nnvsVbsWFCmgCfVetE
sDGPDAQxob7ySZ6AV6S2E2c=
=f2+x
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
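
The CVE-2009-1376 entry above describes integer overflows on 32-bit platforms where a crafted offset value defeats a length check. The block below is an added illustration of that bug class and its fix, not libpurple code and not part of the advisory; the struct and function names are hypothetical, and uint32_t stands in for a 32-bit size type so the wrap shows on any host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reassembly state; uint32_t stands in for a 32-bit size_t. */
struct reasm {
    uint8_t  buf[64];
    uint32_t size;              /* total size announced for the message */
};

/* Flawed check: the 64-bit wire offset is truncated and the sum wraps. */
bool chunk_fits_flawed(const struct reasm *r, uint64_t offset, uint32_t len)
{
    uint32_t off32 = (uint32_t)offset;      /* high bits silently dropped */
    return off32 + len <= r->size;          /* wraps modulo 2^32 */
}

/* Hardened check: compare in 64 bits and subtract instead of adding. */
bool chunk_fits(const struct reasm *r, uint64_t offset, uint32_t len)
{
    if (r->size > sizeof r->buf || offset > r->size)
        return false;
    return len <= r->size - offset;         /* cannot underflow: offset <= size */
}

/* Copy a chunk only when the hardened check accepts it. */
bool store_chunk(struct reasm *r, uint64_t offset, const void *data, uint32_t len)
{
    if (!chunk_fits(r, offset, len))
        return false;
    memcpy(r->buf + offset, data, len);
    return true;
}

int main(void)
{
    struct reasm r = { .size = 64 };
    /* Constructed test offsets: one wraps the sum, one relies on truncation. */
    uint64_t offs[] = { 56, 0xFFFFFFF0u, 0x100000008ull };
    uint32_t lens[] = { 8, 0x20, 8 };
    for (int i = 0; i < 3; i++)
        printf("offset=%#llx len=%u flawed=%d hardened=%d\n",
               (unsigned long long)offs[i], (unsigned)lens[i],
               chunk_fits_flawed(&r, offs[i], lens[i]),
               chunk_fits(&r, offs[i], lens[i]));
    return 0;
}
```

The flawed check accepts both out-of-range chunks because the arithmetic is done in the narrow type; the hardened check rejects them because no addition can wrap and no truncation occurs before the comparison.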
