| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Feb 2010 15:45:00 +0100 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2010:041 ] pidgin -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:041 http://www.mandriva.com/security/ _______________________________________________________________________ Package : pidgin Date : February 18, 2010 Affected: 2008.0, 2009.1, 2010.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple security vulnerabilities has been identified and fixed in pidgin: Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly (CVE-2010-0277). In a user in a multi-user chat room has a nickname containing '<br>' then libpurple ends up having two users with username ' ' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution (CVE-2010-0420). oCERT notified us about a problem in Pidgin, where a large amount of processing time will be used when inserting many smileys into an IM or chat window. This should not cause a crash, but Pidgin can become unusable slow (CVE-2010-0423). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides pidgin 2.6.6, which is not vulnerable to these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423 http://pidgin.im/news/security/ _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 7b6b149b6d3b66ac216ffdb39366d122 2008.0/i586/finch-2.6.6-0.1mdv2008.0.i586.rpm f8ef6b0bfb06eb0617fe0056b61838fc 2008.0/i586/libfinch0-2.6.6-0.1mdv2008.0.i586.rpm c9f08705a68c551450888cbd383f8e56 2008.0/i586/libpurple0-2.6.6-0.1mdv2008.0.i586.rpm fbfd67f6c3e9f70d3f6f67bbec3bb4aa 2008.0/i586/libpurple-devel-2.6.6-0.1mdv2008.0.i586.rpm 6d755e7a06ffc9448284b8c4eb740ea1 2008.0/i586/pidgin-2.6.6-0.1mdv2008.0.i586.rpm 832a2337f06dca86d03bd63700a0b6fc 2008.0/i586/pidgin-bonjour-2.6.6-0.1mdv2008.0.i586.rpm 4aae5ff624474b1a3ab1881fcaefa8a6 2008.0/i586/pidgin-client-2.6.6-0.1mdv2008.0.i586.rpm 7efd3e7f89696fee9bbe296a670e9df9 2008.0/i586/pidgin-gevolution-2.6.6-0.1mdv2008.0.i586.rpm 8f5738068a81d1ffe99d59899713d16a 2008.0/i586/pidgin-i18n-2.6.6-0.1mdv2008.0.i586.rpm 58a0e6335b9c96521f59c91a85345e01 2008.0/i586/pidgin-meanwhile-2.6.6-0.1mdv2008.0.i586.rpm 3ac4042242d37f433273ab51a1cb4c0b 2008.0/i586/pidgin-mono-2.6.6-0.1mdv2008.0.i586.rpm 6da48c44f958ffb67455d8f509666c10 2008.0/i586/pidgin-perl-2.6.6-0.1mdv2008.0.i586.rpm e91b445d44e9f91a2ec01a810a4c38a8 2008.0/i586/pidgin-plugins-2.6.6-0.1mdv2008.0.i586.rpm c8e71cea5a86ebcb8c7ed9d6dac24b6e 2008.0/i586/pidgin-silc-2.6.6-0.1mdv2008.0.i586.rpm e7c31cba54af11f0edb6751bd7588020 2008.0/i586/pidgin-tcl-2.6.6-0.1mdv2008.0.i586.rpm 70ad21797df8b08cbfb58fc68eb4a8cf 2008.0/SRPMS/pidgin-2.6.6-0.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: c9e7f9564baccc6bc287efca970e38d5 2008.0/x86_64/finch-2.6.6-0.1mdv2008.0.x86_64.rpm 4fd49c393a4088afa297fe4a81ca65b3 2008.0/x86_64/lib64finch0-2.6.6-0.1mdv2008.0.x86_64.rpm 2b40ea32871b376e4dd73f49ec2a36d7 2008.0/x86_64/lib64purple0-2.6.6-0.1mdv2008.0.x86_64.rpm 05503a1c0b1bbd012f3189787e09f3e5 2008.0/x86_64/lib64purple-devel-2.6.6-0.1mdv2008.0.x86_64.rpm e3d4bc963da791a4a5dc8045d31f0c54 2008.0/x86_64/pidgin-2.6.6-0.1mdv2008.0.x86_64.rpm bcae488fe843bb895bba2ad5b18e86bc 2008.0/x86_64/pidgin-bonjour-2.6.6-0.1mdv2008.0.x86_64.rpm e168b0d56e10dfe2c876702faa408f7e 2008.0/x86_64/pidgin-client-2.6.6-0.1mdv2008.0.x86_64.rpm 0715caa8f7089f61d33d92713b269324 2008.0/x86_64/pidgin-gevolution-2.6.6-0.1mdv2008.0.x86_64.rpm 5e951d56643525136acf0da0e5f7f21e 2008.0/x86_64/pidgin-i18n-2.6.6-0.1mdv2008.0.x86_64.rpm 11d8b84a808c378a20643b4804df07f9 2008.0/x86_64/pidgin-meanwhile-2.6.6-0.1mdv2008.0.x86_64.rpm 8363da50ff8fc2e1308f6cb4a0232a57 2008.0/x86_64/pidgin-mono-2.6.6-0.1mdv2008.0.x86_64.rpm a9deb37c4c307cf813bd4e9b623ec887 2008.0/x86_64/pidgin-perl-2.6.6-0.1mdv2008.0.x86_64.rpm 212ed915b101ddcbbfbb6d16b3b2e16c 2008.0/x86_64/pidgin-plugins-2.6.6-0.1mdv2008.0.x86_64.rpm 3d844afe270123a03624936762f6d933 2008.0/x86_64/pidgin-silc-2.6.6-0.1mdv2008.0.x86_64.rpm 7c311ac8a7ceec13d4933a4840c2c3a9 2008.0/x86_64/pidgin-tcl-2.6.6-0.1mdv2008.0.x86_64.rpm 70ad21797df8b08cbfb58fc68eb4a8cf 2008.0/SRPMS/pidgin-2.6.6-0.1mdv2008.0.src.rpm Mandriva Linux 2009.1: cb7a40ecc6ae8dd5a35d16f892be6837 2009.1/i586/finch-2.6.6-0.1mdv2009.1.i586.rpm 82db17cb68dddce64cffb125da531871 2009.1/i586/libfinch0-2.6.6-0.1mdv2009.1.i586.rpm 5ed7e9c7503ec5a860bcb4a08a1dfc52 2009.1/i586/libpurple0-2.6.6-0.1mdv2009.1.i586.rpm 3c7e67bede967dc9a75e67f5ba0d4682 2009.1/i586/libpurple-devel-2.6.6-0.1mdv2009.1.i586.rpm 1c9490f205ef22d235c62ec8919eb9f5 2009.1/i586/pidgin-2.6.6-0.1mdv2009.1.i586.rpm 02a7a3b4f7c329a27445c27661ca1589 2009.1/i586/pidgin-bonjour-2.6.6-0.1mdv2009.1.i586.rpm 432ea2a9fb79a07e7490f6ab832613e7 2009.1/i586/pidgin-client-2.6.6-0.1mdv2009.1.i586.rpm e31b2a2b667dacbdc918e8b5dbcff996 2009.1/i586/pidgin-gevolution-2.6.6-0.1mdv2009.1.i586.rpm 4b0c2b039dd58992507ca2f0bb801b22 2009.1/i586/pidgin-i18n-2.6.6-0.1mdv2009.1.i586.rpm 9e39513f6310f39999bb4645545fc5c7 2009.1/i586/pidgin-meanwhile-2.6.6-0.1mdv2009.1.i586.rpm 0e7787c636f4f30cba7ad4d863fb720c 2009.1/i586/pidgin-mono-2.6.6-0.1mdv2009.1.i586.rpm 2df8fbea4fa43b7cfbda29241614907f 2009.1/i586/pidgin-perl-2.6.6-0.1mdv2009.1.i586.rpm ab2a3d17c627da8e0f445de8f6a1f371 2009.1/i586/pidgin-plugins-2.6.6-0.1mdv2009.1.i586.rpm fed0dc5e71e51bda6e1c6e5dc4296883 2009.1/i586/pidgin-silc-2.6.6-0.1mdv2009.1.i586.rpm 010fe45d263e609656af0c3b5235d9a1 2009.1/i586/pidgin-tcl-2.6.6-0.1mdv2009.1.i586.rpm 1a90d8b3989e31ab9d1769b454de8a42 2009.1/SRPMS/pidgin-2.6.6-0.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 21abb5508ce03d26b88b942af4e14a4f 2009.1/x86_64/finch-2.6.6-0.1mdv2009.1.x86_64.rpm c308a1b01304d63cd58dbabcab49119b 2009.1/x86_64/lib64finch0-2.6.6-0.1mdv2009.1.x86_64.rpm cf0c32085702b936a1f69e1caa6e2dcc 2009.1/x86_64/lib64purple0-2.6.6-0.1mdv2009.1.x86_64.rpm 232104e2b9bb0c66aa774f365a45b2ad 2009.1/x86_64/lib64purple-devel-2.6.6-0.1mdv2009.1.x86_64.rpm 8043caea0b17e2de041c4ae0465d90ea 2009.1/x86_64/pidgin-2.6.6-0.1mdv2009.1.x86_64.rpm 0f6c55a69562a532b1100670571c3b26 2009.1/x86_64/pidgin-bonjour-2.6.6-0.1mdv2009.1.x86_64.rpm c09462c1ef04b6ddc0223a02ccdb166f 2009.1/x86_64/pidgin-client-2.6.6-0.1mdv2009.1.x86_64.rpm 6ac732d589d33f7181ea8dadbfd9942e 2009.1/x86_64/pidgin-gevolution-2.6.6-0.1mdv2009.1.x86_64.rpm 0fa53c5e0337129d90d774726dee4125 2009.1/x86_64/pidgin-i18n-2.6.6-0.1mdv2009.1.x86_64.rpm 93457954dbd33a99f42bad1a0a98c109 2009.1/x86_64/pidgin-meanwhile-2.6.6-0.1mdv2009.1.x86_64.rpm 05fecf234348f4d4397fc2e48f1be04e 2009.1/x86_64/pidgin-mono-2.6.6-0.1mdv2009.1.x86_64.rpm 033f93c6dc9298e5f3dc0fa89c587b9b 2009.1/x86_64/pidgin-perl-2.6.6-0.1mdv2009.1.x86_64.rpm 664e601cd561b106c0a158a648492528 2009.1/x86_64/pidgin-plugins-2.6.6-0.1mdv2009.1.x86_64.rpm 95ed0f1bfd9baba0e23cb0c50d3757b7 2009.1/x86_64/pidgin-silc-2.6.6-0.1mdv2009.1.x86_64.rpm 52828745a279468c82975af28a385151 2009.1/x86_64/pidgin-tcl-2.6.6-0.1mdv2009.1.x86_64.rpm 1a90d8b3989e31ab9d1769b454de8a42 2009.1/SRPMS/pidgin-2.6.6-0.1mdv2009.1.src.rpm Mandriva Linux 2010.0: 1c29f9d4c4f6f4cfbc0944bceeb6668b 2010.0/i586/finch-2.6.6-0.1mdv2010.0.i586.rpm 29bfd28b9aea472156e5a9de553bc1b7 2010.0/i586/libfinch0-2.6.6-0.1mdv2010.0.i586.rpm 496a494ab167a8bfb6dee5928e5b34e1 2010.0/i586/libpurple0-2.6.6-0.1mdv2010.0.i586.rpm 6b0f5a9b3baa507fceab913a4f048047 2010.0/i586/libpurple-devel-2.6.6-0.1mdv2010.0.i586.rpm 385680fa424f34569f8c0c6f3dee4f4a 2010.0/i586/pidgin-2.6.6-0.1mdv2010.0.i586.rpm c07570c72eb5679964a16e40328f78cc 2010.0/i586/pidgin-bonjour-2.6.6-0.1mdv2010.0.i586.rpm bed045f942b8581a8f218070eab86dd0 2010.0/i586/pidgin-client-2.6.6-0.1mdv2010.0.i586.rpm 50c4dacdb01d054ab5e0b80309704cb7 2010.0/i586/pidgin-gevolution-2.6.6-0.1mdv2010.0.i586.rpm ab3939b75120e531e60e312a385533ff 2010.0/i586/pidgin-i18n-2.6.6-0.1mdv2010.0.i586.rpm 149b333453e1126a3b4641e19906c88f 2010.0/i586/pidgin-meanwhile-2.6.6-0.1mdv2010.0.i586.rpm 29d5d75e9d84ada8fb82ce176f782226 2010.0/i586/pidgin-mono-2.6.6-0.1mdv2010.0.i586.rpm 01443fc929ffd95481bae32ad4399819 2010.0/i586/pidgin-perl-2.6.6-0.1mdv2010.0.i586.rpm 84781f1d515702edad903793a867fd23 2010.0/i586/pidgin-plugins-2.6.6-0.1mdv2010.0.i586.rpm 3c1828e4cde8c0c36cdc6b242642d3a8 2010.0/i586/pidgin-silc-2.6.6-0.1mdv2010.0.i586.rpm cfb8a979ecb4af00249c9ea1586ba43b 2010.0/i586/pidgin-tcl-2.6.6-0.1mdv2010.0.i586.rpm 179fe3c8d4d38eadee60cbfb51aeb19c 2010.0/SRPMS/pidgin-2.6.6-0.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 6eaad34c716bbdd7fa01c5feed445f76 2010.0/x86_64/finch-2.6.6-0.1mdv2010.0.x86_64.rpm ab025b0de4c4a7d8047309c2d94ce0c0 2010.0/x86_64/lib64finch0-2.6.6-0.1mdv2010.0.x86_64.rpm ff08767b311b4cd0fae4b756a86c4787 2010.0/x86_64/lib64purple0-2.6.6-0.1mdv2010.0.x86_64.rpm ca65fc197deb32c6e8b05c67c457c66b 2010.0/x86_64/lib64purple-devel-2.6.6-0.1mdv2010.0.x86_64.rpm 32dd77d13f9d18480a44d9e711e6fe53 2010.0/x86_64/pidgin-2.6.6-0.1mdv2010.0.x86_64.rpm 169a880508c91e1a4444c546776fcd00 2010.0/x86_64/pidgin-bonjour-2.6.6-0.1mdv2010.0.x86_64.rpm 6bcdf650c31b3092992e943e7b2aa070 2010.0/x86_64/pidgin-client-2.6.6-0.1mdv2010.0.x86_64.rpm 2afdef1f1fc09373856b65d7f71e8621 2010.0/x86_64/pidgin-gevolution-2.6.6-0.1mdv2010.0.x86_64.rpm 6a4a9fb474d69168216e72331ad6ad9c 2010.0/x86_64/pidgin-i18n-2.6.6-0.1mdv2010.0.x86_64.rpm 7edfcfbe7a2ce9a6b01232558f641ec7 2010.0/x86_64/pidgin-meanwhile-2.6.6-0.1mdv2010.0.x86_64.rpm ec35aac66e974579e06fbb6057a6df31 2010.0/x86_64/pidgin-mono-2.6.6-0.1mdv2010.0.x86_64.rpm 20e61a99135d61b0deb910648b78923e 2010.0/x86_64/pidgin-perl-2.6.6-0.1mdv2010.0.x86_64.rpm ae9cdc960d4edc6c8bc1854250203036 2010.0/x86_64/pidgin-plugins-2.6.6-0.1mdv2010.0.x86_64.rpm b80ea4263b63cfc34dd4009ee362090b 2010.0/x86_64/pidgin-silc-2.6.6-0.1mdv2010.0.x86_64.rpm 3d3ade5b5518b513edc78d1b12a4073c 2010.0/x86_64/pidgin-tcl-2.6.6-0.1mdv2010.0.x86_64.rpm 179fe3c8d4d38eadee60cbfb51aeb19c 2010.0/SRPMS/pidgin-2.6.6-0.1mdv2010.0.src.rpm Mandriva Enterprise Server 5: 149dcd26bf531e6ee3e75b3eccc0b9ba mes5/i586/finch-2.6.6-0.1mdvmes5.i586.rpm 1a10b71c66ed39bdd40846721fb0a87b mes5/i586/libfinch0-2.6.6-0.1mdvmes5.i586.rpm 6929c7486d4d242eb4c1bb3c11d2a945 mes5/i586/libpurple0-2.6.6-0.1mdvmes5.i586.rpm 1d2539414922b39bc00b62755ddaa816 mes5/i586/libpurple-devel-2.6.6-0.1mdvmes5.i586.rpm 732cba3fd4e87cd9b8b619c5c69ab992 mes5/i586/pidgin-2.6.6-0.1mdvmes5.i586.rpm 9fd465a4f8fac859c99866105f7b8ca6 mes5/i586/pidgin-bonjour-2.6.6-0.1mdvmes5.i586.rpm cc9df9d83f6d502be50ab878fb59548a mes5/i586/pidgin-client-2.6.6-0.1mdvmes5.i586.rpm 83e99b56360e08fd571073c73c1e90b1 mes5/i586/pidgin-gevolution-2.6.6-0.1mdvmes5.i586.rpm c19131aa4670612f77df7fefa0075832 mes5/i586/pidgin-i18n-2.6.6-0.1mdvmes5.i586.rpm b1102c9ae4445baf526c6c146300f5c2 mes5/i586/pidgin-meanwhile-2.6.6-0.1mdvmes5.i586.rpm 97a7683edc25e5d4e1291086e882db52 mes5/i586/pidgin-mono-2.6.6-0.1mdvmes5.i586.rpm b456b539f96ddf35cb06ce8d0ffc1c13 mes5/i586/pidgin-perl-2.6.6-0.1mdvmes5.i586.rpm 494d4e499b6b3edd278d24051d844eaf mes5/i586/pidgin-plugins-2.6.6-0.1mdvmes5.i586.rpm a3bde2acd56c097262e2e82b6dad619d mes5/i586/pidgin-silc-2.6.6-0.1mdvmes5.i586.rpm 250a49eb240275dbda69c9c4b6914590 mes5/i586/pidgin-tcl-2.6.6-0.1mdvmes5.i586.rpm 267308510863ca64bb333f71467e7bd9 mes5/SRPMS/pidgin-2.6.6-0.1mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 8d64ee79b213c13c19a4198841a144ac mes5/x86_64/finch-2.6.6-0.1mdvmes5.x86_64.rpm 5c433ebf35e04e8d6de964137dc276dd mes5/x86_64/lib64finch0-2.6.6-0.1mdvmes5.x86_64.rpm 7cc32a1bb4ebe61b0723f94658a45ae1 mes5/x86_64/lib64purple0-2.6.6-0.1mdvmes5.x86_64.rpm 2d427370e582eb2709b1b3f50b54a364 mes5/x86_64/lib64purple-devel-2.6.6-0.1mdvmes5.x86_64.rpm db09b8debee6cca9ebbd66fa2d12ec47 mes5/x86_64/pidgin-2.6.6-0.1mdvmes5.x86_64.rpm bcc51f21decc8447069faa3c1f8563c2 mes5/x86_64/pidgin-bonjour-2.6.6-0.1mdvmes5.x86_64.rpm 5e368dec9bccac6530c79855892c8a45 mes5/x86_64/pidgin-client-2.6.6-0.1mdvmes5.x86_64.rpm d068b236e3e33274d32ccf911d07ae27 mes5/x86_64/pidgin-gevolution-2.6.6-0.1mdvmes5.x86_64.rpm 14542696ab4124d542435f2d09f1b8e2 mes5/x86_64/pidgin-i18n-2.6.6-0.1mdvmes5.x86_64.rpm 1abe031c7d81ef8e3744ccac89e085f8 mes5/x86_64/pidgin-meanwhile-2.6.6-0.1mdvmes5.x86_64.rpm fe6d09ae59b3afb8d6154411d2274ad8 mes5/x86_64/pidgin-mono-2.6.6-0.1mdvmes5.x86_64.rpm 0cafc627ab6efa449cd1857c9032de68 mes5/x86_64/pidgin-perl-2.6.6-0.1mdvmes5.x86_64.rpm 650f4c48dafe08cca128ff1410c7c919 mes5/x86_64/pidgin-plugins-2.6.6-0.1mdvmes5.x86_64.rpm fd78039daafeb41f2356a3e617f37c08 mes5/x86_64/pidgin-silc-2.6.6-0.1mdvmes5.x86_64.rpm afb6b2d287d4df27e845fbbb0331052d mes5/x86_64/pidgin-tcl-2.6.6-0.1mdvmes5.x86_64.rpm 267308510863ca64bb333f71467e7bd9 mes5/SRPMS/pidgin-2.6.6-0.1mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLfSUHmqjQ0CJFipgRAttGAKCxQbsdGtNK2rs9RMbLQmhz2UM69wCg32zV vL0qCU2xlQDncxOIar1eKrI= =vJpo -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists