[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NHMqr-0008QR-3V@titan.mandriva.com>
Date: Sun, 06 Dec 2009 20:33:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:321 ] pidgin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:321
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pidgin
Date : December 6, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Security vulnerabilities has been identified and fixed in pidgin:
The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL
certificates, which makes it easier for remote attackers to trick
a user into accepting an invalid server certificate for a spoofed
service. (CVE-2008-3532)
Pidgin 2.4.1 allows remote attackers to cause a denial of service
(crash) via a long filename that contains certain characters, as
demonstrated using an MSN message that triggers the crash in the
msn_slplink_process_msg function. (CVE-2008-2955)
The UPnP functionality in Pidgin 2.0.0, and possibly other versions,
allows remote attackers to trigger the download of arbitrary files
and cause a denial of service (memory or disk consumption) via a UDP
packet that specifies an arbitrary URL. (CVE-2008-2957)
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin
(formerly Gaim) before 2.5.6 allows remote authenticated users to
execute arbitrary code via vectors involving an outbound XMPP file
transfer. NOTE: some of these details are obtained from third party
information (CVE-2009-1373).
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim)
before 2.5.6 allows remote attackers to cause a denial of service
(application crash) via a QQ packet (CVE-2009-1374).
The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before
2.5.6 does not properly maintain a certain buffer, which allows
remote attackers to cause a denial of service (memory corruption
and application crash) via vectors involving the (1) XMPP or (2)
Sametime protocol (CVE-2009-1375).
Multiple integer overflows in the msn_slplink_process_msg functions in
the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and
(2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim)
before 2.5.6 on 32-bit platforms allow remote attackers to execute
arbitrary code via a malformed SLP message with a crafted offset
value, leading to buffer overflows. NOTE: this issue exists because
of an incomplete fix for CVE-2008-2927 (CVE-2009-1376).
The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets
the ICQWebMessage message type as the ICQSMS message type, which
allows remote attackers to cause a denial of service (application
crash) via a crafted ICQ web message that triggers allocation of a
large amount of memory (CVE-2009-1889).
The msn_slplink_process_msg function in
libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin
(formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) by sending multiple crafted
SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary
memory location. NOTE: this issue reportedly exists because of an
incomplete fix for CVE-2009-1376 (CVE-2009-2694).
Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers
to cause a denial of service (crash) via a link in a Yahoo IM
(CVE-2009-3025)
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly
other versions, does not follow the require TLS/SSL preference
when connecting to older Jabber servers that do not follow the XMPP
specification, which causes libpurple to connect to the server without
the expected encryption and allows remote attackers to sniff sessions
(CVE-2009-3026).
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple
in Pidgin before 2.6.2 allows remote IRC servers to cause a denial
of service (NULL pointer dereference and application crash) via a
TOPIC message that lacks a topic string (CVE-2009-2703).
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the
MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote
attackers to cause a denial of service (NULL pointer dereference
and application crash) via an SLP invite message that lacks certain
required fields, as demonstrated by a malformed message from a KMess
client (CVE-2009-3083).
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c
in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in
Pidgin before 2.6.2, allows remote attackers to cause a denial of
service (application crash) via a handwritten (aka Ink) message,
related to an uninitialized variable and the incorrect UTF16-LE
charset name (CVE-2009-3084).
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does
not properly handle an error IQ stanza during an attempted fetch of
a custom smiley, which allows remote attackers to cause a denial of
service (application crash) via XHTML-IM content with cid: images
(CVE-2009-3085).
This update provides pidgin 2.6.2, which is not vulnerable to these
issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3085
http://pidgin.im/news/security/
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
e689b143ca593c49c1954a42f351dec1 2008.0/i586/finch-2.6.2-0.1mdv2008.0.i586.rpm
3d5f88bb7cd0b3e5596e02760c182169 2008.0/i586/libfinch0-2.6.2-0.1mdv2008.0.i586.rpm
8e55d77f7cb8c6907739a38b49e9b2a4 2008.0/i586/libpurple0-2.6.2-0.1mdv2008.0.i586.rpm
d2419f4c7ae2e8f3b7ef0d971db1aa9e 2008.0/i586/libpurple-devel-2.6.2-0.1mdv2008.0.i586.rpm
1f0b2327e8d8585e1628e95fb95b8f1f 2008.0/i586/pidgin-2.6.2-0.1mdv2008.0.i586.rpm
f5d4a2f7ee6257de2051419a2ef74170 2008.0/i586/pidgin-bonjour-2.6.2-0.1mdv2008.0.i586.rpm
7685fcc80fbd3fabe86ce3d5f05b5cdb 2008.0/i586/pidgin-client-2.6.2-0.1mdv2008.0.i586.rpm
e8b7bcc521d6300673a242866938b002 2008.0/i586/pidgin-gevolution-2.6.2-0.1mdv2008.0.i586.rpm
e2c88e96a1c0cee77fc70508ccd2c70b 2008.0/i586/pidgin-i18n-2.6.2-0.1mdv2008.0.i586.rpm
c30173a970503943343566d4f2cf301e 2008.0/i586/pidgin-meanwhile-2.6.2-0.1mdv2008.0.i586.rpm
baeb7aa1acbaead9894b91a0aecc08de 2008.0/i586/pidgin-mono-2.6.2-0.1mdv2008.0.i586.rpm
b25cf481dccfa9ca7d80fb1467d2660e 2008.0/i586/pidgin-perl-2.6.2-0.1mdv2008.0.i586.rpm
dd7cf20fc74574228f31041d35e1ab66 2008.0/i586/pidgin-plugins-2.6.2-0.1mdv2008.0.i586.rpm
b767e2f9176a5d019e33f4b5c67d70c8 2008.0/i586/pidgin-silc-2.6.2-0.1mdv2008.0.i586.rpm
73f3f1b07a4fec717156bdd570c08218 2008.0/i586/pidgin-tcl-2.6.2-0.1mdv2008.0.i586.rpm
31343284647509cf77b6a238ae71573f 2008.0/SRPMS/pidgin-2.6.2-0.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
1466474428fcfbe6c9cc915230644c81 2008.0/x86_64/finch-2.6.2-0.1mdv2008.0.x86_64.rpm
9e5dcbf4a1c6fef3c2b2a18959af98bf 2008.0/x86_64/lib64finch0-2.6.2-0.1mdv2008.0.x86_64.rpm
bce8e0800fb41de6384a1e71b6777d3a 2008.0/x86_64/lib64purple0-2.6.2-0.1mdv2008.0.x86_64.rpm
fe365356c28c3f4e9f1581f2e34d6c4a 2008.0/x86_64/lib64purple-devel-2.6.2-0.1mdv2008.0.x86_64.rpm
41023f5c93b3984fb02838f153f80d27 2008.0/x86_64/pidgin-2.6.2-0.1mdv2008.0.x86_64.rpm
40b4fa6b0e304dbe08b8088c2b601c2d 2008.0/x86_64/pidgin-bonjour-2.6.2-0.1mdv2008.0.x86_64.rpm
dfa9b041ebac164400edc4ce77a9055b 2008.0/x86_64/pidgin-client-2.6.2-0.1mdv2008.0.x86_64.rpm
33a1243f7481cdde117ab1c5e77933e4 2008.0/x86_64/pidgin-gevolution-2.6.2-0.1mdv2008.0.x86_64.rpm
baf2e28e00335329637224b34f3b10f2 2008.0/x86_64/pidgin-i18n-2.6.2-0.1mdv2008.0.x86_64.rpm
fbec0ef4148efcc7903841acb4262a7d 2008.0/x86_64/pidgin-meanwhile-2.6.2-0.1mdv2008.0.x86_64.rpm
007d6ceb35a1876146d6a080d701e2cc 2008.0/x86_64/pidgin-mono-2.6.2-0.1mdv2008.0.x86_64.rpm
daa1bb586b4f8af231f3fbbedbdc67cb 2008.0/x86_64/pidgin-perl-2.6.2-0.1mdv2008.0.x86_64.rpm
a17b42e7d8909f64849aa2dbfddff5b3 2008.0/x86_64/pidgin-plugins-2.6.2-0.1mdv2008.0.x86_64.rpm
b71b668bfda4e72efa4046faadeb6514 2008.0/x86_64/pidgin-silc-2.6.2-0.1mdv2008.0.x86_64.rpm
92fa40d38b6c7db8217deb2465c33eb9 2008.0/x86_64/pidgin-tcl-2.6.2-0.1mdv2008.0.x86_64.rpm
31343284647509cf77b6a238ae71573f 2008.0/SRPMS/pidgin-2.6.2-0.1mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLG9uPmqjQ0CJFipgRAsjpAKCWZGoH1uv7zx1DI3nnvsVbsWFCmgCfVetE
sDGPDAQxob7ySZ6AV6S2E2c=
=f2+x
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists