[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NUUjo-0005Cy-PO@titan.mandriva.com>
Date: Tue, 12 Jan 2010 01:36:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:001 ] pidgin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:001
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pidgin
Date : January 11, 2010
Affected: 2008.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Security vulnerabilities has been identified and fixed in pidgin:
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium
before 1.3.7 allows remote attackers to cause a denial of service
(application crash) via crafted contact-list data for (1) ICQ and
possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615).
Directory traversal vulnerability in slp.c in the MSN protocol
plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows
remote attackers to read arbitrary files via a .. (dot dot) in an
application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request,
a related issue to CVE-2004-0122. NOTE: it could be argued that
this is resultant from a vulnerability in which an emoticon download
request is processed even without a preceding text/x-mms-emoticon
message that announced availability of the emoticon (CVE-2010-0013).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
This update provides pidgin 2.6.5, which is not vulnerable to these
issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013
http://pidgin.im/news/security/
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
2c06bb10b976371e7300df80f21c9533 2008.0/i586/finch-2.6.5-0.1mdv2008.0.i586.rpm
eec4d32bc466fe61620058eef2811c59 2008.0/i586/libfinch0-2.6.5-0.1mdv2008.0.i586.rpm
c2e83523eef01b27c13030674f1821a6 2008.0/i586/libpurple0-2.6.5-0.1mdv2008.0.i586.rpm
c048d2e19a00b62bc0c191ebd5fa0be6 2008.0/i586/libpurple-devel-2.6.5-0.1mdv2008.0.i586.rpm
dfad05993ac7cf897035fa9f89cb356f 2008.0/i586/pidgin-2.6.5-0.1mdv2008.0.i586.rpm
4f8f5bbdaa24841787dc908bbd69b6c2 2008.0/i586/pidgin-bonjour-2.6.5-0.1mdv2008.0.i586.rpm
9069609e14ecedac948eada332204cba 2008.0/i586/pidgin-client-2.6.5-0.1mdv2008.0.i586.rpm
f4bba9135a059cc4e17cef81e4e67f4c 2008.0/i586/pidgin-gevolution-2.6.5-0.1mdv2008.0.i586.rpm
ac1fb16b6cb7aee737c8257cc08d10fd 2008.0/i586/pidgin-i18n-2.6.5-0.1mdv2008.0.i586.rpm
4d27f7e644d0a046bfaaa9f8e2730b1b 2008.0/i586/pidgin-meanwhile-2.6.5-0.1mdv2008.0.i586.rpm
ae1a27acc73fb0afdfcef69000164fff 2008.0/i586/pidgin-mono-2.6.5-0.1mdv2008.0.i586.rpm
d9e9cc8eea7b6d610c259387e1c0d793 2008.0/i586/pidgin-perl-2.6.5-0.1mdv2008.0.i586.rpm
1439d48d97f903914d4d1bce8c1b7a20 2008.0/i586/pidgin-plugins-2.6.5-0.1mdv2008.0.i586.rpm
8cae43bfd645f923ba49f6ec2e09f6ad 2008.0/i586/pidgin-silc-2.6.5-0.1mdv2008.0.i586.rpm
096a02afcc29a8d1baa34a670e2de632 2008.0/i586/pidgin-tcl-2.6.5-0.1mdv2008.0.i586.rpm
5aac126cfe57e39c1b4eba9e2152d0be 2008.0/SRPMS/pidgin-2.6.5-0.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
734f3c61defb540185b139769bab2d85 2008.0/x86_64/finch-2.6.5-0.1mdv2008.0.x86_64.rpm
2592d99b6a0dc93e761cf204d8669f3f 2008.0/x86_64/lib64finch0-2.6.5-0.1mdv2008.0.x86_64.rpm
2df77ea5193e8e235fe56ba020a9c411 2008.0/x86_64/lib64purple0-2.6.5-0.1mdv2008.0.x86_64.rpm
07476c00358bf692c911507376c1c61f 2008.0/x86_64/lib64purple-devel-2.6.5-0.1mdv2008.0.x86_64.rpm
71f2517d99316e3f31963941d9c36c06 2008.0/x86_64/pidgin-2.6.5-0.1mdv2008.0.x86_64.rpm
bd1217b2dc4587cfd38e0b8b2781bde7 2008.0/x86_64/pidgin-bonjour-2.6.5-0.1mdv2008.0.x86_64.rpm
5b2ef2c3a2f84c241f43f151d6713f37 2008.0/x86_64/pidgin-client-2.6.5-0.1mdv2008.0.x86_64.rpm
ec0e2975982a45eee3e37ecf07c356b5 2008.0/x86_64/pidgin-gevolution-2.6.5-0.1mdv2008.0.x86_64.rpm
d724e5fde2c4495883463a1d508e87c8 2008.0/x86_64/pidgin-i18n-2.6.5-0.1mdv2008.0.x86_64.rpm
8d2c6a64e63d24a2da8a130b967f048a 2008.0/x86_64/pidgin-meanwhile-2.6.5-0.1mdv2008.0.x86_64.rpm
2aa347dceb072b18bbd6e2665c19b7b5 2008.0/x86_64/pidgin-mono-2.6.5-0.1mdv2008.0.x86_64.rpm
aa0c7bc1e0909f2a1c0a3a890e590263 2008.0/x86_64/pidgin-perl-2.6.5-0.1mdv2008.0.x86_64.rpm
f3c4f803f7d765da7dddc900fc2a8272 2008.0/x86_64/pidgin-plugins-2.6.5-0.1mdv2008.0.x86_64.rpm
9bacb42d819da7afa3ddc5cac0efb367 2008.0/x86_64/pidgin-silc-2.6.5-0.1mdv2008.0.x86_64.rpm
9caaf8618d807e9fd894cd4786a5792d 2008.0/x86_64/pidgin-tcl-2.6.5-0.1mdv2008.0.x86_64.rpm
5aac126cfe57e39c1b4eba9e2152d0be 2008.0/SRPMS/pidgin-2.6.5-0.1mdv2008.0.src.rpm
Mandriva Linux 2009.1:
269680b8627e14ab28ad538ec1794fc6 2009.1/i586/finch-2.6.5-0.1mdv2009.1.i586.rpm
3e8698694d5815efdb7087c83d798c91 2009.1/i586/libfinch0-2.6.5-0.1mdv2009.1.i586.rpm
647f99c4af50ce8048dce0501d5f40f1 2009.1/i586/libpurple0-2.6.5-0.1mdv2009.1.i586.rpm
24ed864184fe49d6c20619d56dd4e3cd 2009.1/i586/libpurple-devel-2.6.5-0.1mdv2009.1.i586.rpm
53c906b4480baaa17d4e238b1086206e 2009.1/i586/pidgin-2.6.5-0.1mdv2009.1.i586.rpm
ae1844987b0eb15307aabf6cc3da34a0 2009.1/i586/pidgin-bonjour-2.6.5-0.1mdv2009.1.i586.rpm
aae4869422c8dc493e081007a6f58371 2009.1/i586/pidgin-client-2.6.5-0.1mdv2009.1.i586.rpm
66a6b80410df0defb9485dc0bb27fb34 2009.1/i586/pidgin-gevolution-2.6.5-0.1mdv2009.1.i586.rpm
9b4f7905b504f711e67b26813dba9d0f 2009.1/i586/pidgin-i18n-2.6.5-0.1mdv2009.1.i586.rpm
72c819c5fde5e1f0bf0b0ffef243c1a8 2009.1/i586/pidgin-meanwhile-2.6.5-0.1mdv2009.1.i586.rpm
b1955f1ec6703f48e2b38ac7d9c729e8 2009.1/i586/pidgin-mono-2.6.5-0.1mdv2009.1.i586.rpm
09a3f76e8e1fc2a6779b4faab8a94cfd 2009.1/i586/pidgin-perl-2.6.5-0.1mdv2009.1.i586.rpm
42f2cff9243dd87d2408f33b4d73271a 2009.1/i586/pidgin-plugins-2.6.5-0.1mdv2009.1.i586.rpm
e3c679e80c9775621ea766dc9c6149d9 2009.1/i586/pidgin-silc-2.6.5-0.1mdv2009.1.i586.rpm
bfb8442e6b20082a70181aed3d1c783b 2009.1/i586/pidgin-tcl-2.6.5-0.1mdv2009.1.i586.rpm
fe01a680e95e685c145395daa0c74d6f 2009.1/SRPMS/pidgin-2.6.5-0.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
bcb40187a5240d7a9a36f7a32b18d0ab 2009.1/x86_64/finch-2.6.5-0.1mdv2009.1.x86_64.rpm
303b977f8ba5f161b179b656338dc782 2009.1/x86_64/lib64finch0-2.6.5-0.1mdv2009.1.x86_64.rpm
25353cfeb50a9900c0a65cc9472ac560 2009.1/x86_64/lib64purple0-2.6.5-0.1mdv2009.1.x86_64.rpm
865bad4d662e745bbe33aa1e564d23c4 2009.1/x86_64/lib64purple-devel-2.6.5-0.1mdv2009.1.x86_64.rpm
da00b2139642b94b27c5710e88fe4892 2009.1/x86_64/pidgin-2.6.5-0.1mdv2009.1.x86_64.rpm
8e9972a9c5830ab95f4a09705a63edbd 2009.1/x86_64/pidgin-bonjour-2.6.5-0.1mdv2009.1.x86_64.rpm
3ac48c05904cc941e066fc526d6a0194 2009.1/x86_64/pidgin-client-2.6.5-0.1mdv2009.1.x86_64.rpm
7cfc8df430f206518e7e20bafd74ff34 2009.1/x86_64/pidgin-gevolution-2.6.5-0.1mdv2009.1.x86_64.rpm
8b17dc9cde60ddea83fa160626b52b1f 2009.1/x86_64/pidgin-i18n-2.6.5-0.1mdv2009.1.x86_64.rpm
c01072c3982576a6a039234dbed521f9 2009.1/x86_64/pidgin-meanwhile-2.6.5-0.1mdv2009.1.x86_64.rpm
361edaf5081b515632511f25cb559c32 2009.1/x86_64/pidgin-mono-2.6.5-0.1mdv2009.1.x86_64.rpm
82d8bec4c950438f2e8a528dffa12680 2009.1/x86_64/pidgin-perl-2.6.5-0.1mdv2009.1.x86_64.rpm
471f5e692b146f8468e57e37a3c32e79 2009.1/x86_64/pidgin-plugins-2.6.5-0.1mdv2009.1.x86_64.rpm
3df1f0b5635450e109475b0c788dc076 2009.1/x86_64/pidgin-silc-2.6.5-0.1mdv2009.1.x86_64.rpm
d1a235325d92b8d197d24689e9bc8c91 2009.1/x86_64/pidgin-tcl-2.6.5-0.1mdv2009.1.x86_64.rpm
fe01a680e95e685c145395daa0c74d6f 2009.1/SRPMS/pidgin-2.6.5-0.1mdv2009.1.src.rpm
Mandriva Enterprise Server 5:
bda586297f58b893e9169c3633c42f19 mes5/i586/finch-2.6.5-0.1mdvmes5.i586.rpm
7a0b2fbd75e3aab0bc575019aaf3884e mes5/i586/libfinch0-2.6.5-0.1mdvmes5.i586.rpm
d79904ede6e7f2504d69c508d355be26 mes5/i586/libpurple0-2.6.5-0.1mdvmes5.i586.rpm
017b02bdae1fbc09535c5e69d8331ac0 mes5/i586/libpurple-devel-2.6.5-0.1mdvmes5.i586.rpm
2e49866970ecd0fb77fcfe935f2ab687 mes5/i586/pidgin-2.6.5-0.1mdvmes5.i586.rpm
c2053b02a640fcb18a67a87fb135b918 mes5/i586/pidgin-bonjour-2.6.5-0.1mdvmes5.i586.rpm
cfacfe3b1132029f8338760168c36493 mes5/i586/pidgin-client-2.6.5-0.1mdvmes5.i586.rpm
f7e79cf79d7d5eb8d21239e444ed44af mes5/i586/pidgin-gevolution-2.6.5-0.1mdvmes5.i586.rpm
6eb973f74a1b04e3f0b7c5f2291b09fc mes5/i586/pidgin-i18n-2.6.5-0.1mdvmes5.i586.rpm
ca8c9b034028bdfc840bbe5a6eb26d06 mes5/i586/pidgin-meanwhile-2.6.5-0.1mdvmes5.i586.rpm
6e6208113b5475f7b85f2bb29704800d mes5/i586/pidgin-mono-2.6.5-0.1mdvmes5.i586.rpm
08b7a161b9c0a51a2499484db4e1fe79 mes5/i586/pidgin-perl-2.6.5-0.1mdvmes5.i586.rpm
0244133ee014473952027563d11d6add mes5/i586/pidgin-plugins-2.6.5-0.1mdvmes5.i586.rpm
80f4a562dfa690d2e8f0a8c5311e120e mes5/i586/pidgin-silc-2.6.5-0.1mdvmes5.i586.rpm
83b3232cf6c66d92dabb774c0def6614 mes5/i586/pidgin-tcl-2.6.5-0.1mdvmes5.i586.rpm
9ce0bda8ac562159dc716138c241a100 mes5/SRPMS/pidgin-2.6.5-0.1mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
f6e4c01ec1f48943b9e89ce2c953c4e1 mes5/x86_64/finch-2.6.5-0.1mdvmes5.x86_64.rpm
49eb1dc9677e41b7307400ab7ca2ee27 mes5/x86_64/lib64finch0-2.6.5-0.1mdvmes5.x86_64.rpm
18321beef2d26e1593b33f8ebb5ec1ae mes5/x86_64/lib64purple0-2.6.5-0.1mdvmes5.x86_64.rpm
c8b713e36ca72076f2a5b5eaf33ad135 mes5/x86_64/lib64purple-devel-2.6.5-0.1mdvmes5.x86_64.rpm
2c6f8d365eb937484d511655c5aa7aa3 mes5/x86_64/pidgin-2.6.5-0.1mdvmes5.x86_64.rpm
8cf704c47329f08e6b537e227d0c9940 mes5/x86_64/pidgin-bonjour-2.6.5-0.1mdvmes5.x86_64.rpm
ce206f00542b4107b5beb35a98bde3f1 mes5/x86_64/pidgin-client-2.6.5-0.1mdvmes5.x86_64.rpm
b872c17b1593e47f3507a16489e99133 mes5/x86_64/pidgin-gevolution-2.6.5-0.1mdvmes5.x86_64.rpm
152a57c69c14a94a77c4d8a3f7171eca mes5/x86_64/pidgin-i18n-2.6.5-0.1mdvmes5.x86_64.rpm
d84d73937497757ff25a7b930b33e71f mes5/x86_64/pidgin-meanwhile-2.6.5-0.1mdvmes5.x86_64.rpm
4fcc66ad7165b1478a1f9eb1b9ed983b mes5/x86_64/pidgin-mono-2.6.5-0.1mdvmes5.x86_64.rpm
8fec99559e791f5f60eb54cafce66c61 mes5/x86_64/pidgin-perl-2.6.5-0.1mdvmes5.x86_64.rpm
d5e01fb2c9062c0e5994543bc36f9b0e mes5/x86_64/pidgin-plugins-2.6.5-0.1mdvmes5.x86_64.rpm
35d7b9c4fdb6a48730992b7a7f6bb533 mes5/x86_64/pidgin-silc-2.6.5-0.1mdvmes5.x86_64.rpm
663736889037e7c6ffe8c31ac0e53e70 mes5/x86_64/pidgin-tcl-2.6.5-0.1mdvmes5.x86_64.rpm
9ce0bda8ac562159dc716138c241a100 mes5/SRPMS/pidgin-2.6.5-0.1mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLS5dWmqjQ0CJFipgRAuqOAJ9ZWf6gqrDNe0RfHMH2YbI3sKR7RwCcDVeC
TnSrShrUf1HCLIkglWLyznA=
=g4Z0
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists