Message-Id: <E1OjZ5Z-0003Jd-2Y@titan.mandriva.com>
Date: Thu, 12 Aug 2010 16:49:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:148 ] pidgin


 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:148
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : August 12, 2010
 Affected: 2008.0, 2009.0, 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A security vulnerability has been identified and fixed in pidgin:
 
 The clientautoresp function in family_icbm.c in the oscar protocol
 plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated
 users to cause a denial of service (NULL pointer dereference and
 application crash) via an X-Status message that lacks the expected
 end tag for a (1) desc or (2) title element (CVE-2010-2528).
 
 Packages for 2008.0 and 2009.0 are provided due to the Extended
 Maintenance Program for those products.
 
 This update provides pidgin 2.7.3, which is not vulnerable to this
 issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2528
 http://pidgin.im/news/security/
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
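
The defect class named in the advisory's Problem Description (an X-Status element with no end tag leading to a NULL pointer dereference), shown with the missing check in place. This is an added C example, not part of the advisory and not libpurple's code; the function name `xstatus_extract`, the plain angle-bracket tag syntax and the sample messages are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libpurple code): copy the text of <tag>...</tag>
 * from msg into out. Returns 0 on success, -1 if the element is absent,
 * unterminated, or does not fit in out. */
int xstatus_extract(const char *msg, const char *tag, char *out, size_t outlen)
{
    char open[32], close[32];
    const char *start, *end;
    size_t len;

    if (msg == NULL || tag == NULL || out == NULL || outlen == 0)
        return -1;
    if (snprintf(open, sizeof open, "<%s>", tag) >= (int)sizeof open ||
        snprintf(close, sizeof close, "</%s>", tag) >= (int)sizeof close)
        return -1;                      /* tag name too long for buffers */

    start = strstr(msg, open);
    if (start == NULL)
        return -1;                      /* element not present */
    start += strlen(open);

    /* The check this bug class omits: strstr() returns NULL when the end
     * tag is missing, and using that result unchecked dereferences NULL. */
    end = strstr(start, close);
    if (end == NULL)
        return -1;                      /* unterminated element: reject */

    len = (size_t)(end - start);
    if (len >= outlen)
        return -1;                      /* would not fit with terminator */
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample messages, not captured traffic. */
    const char *ok  = "<title>Away</title><desc>At lunch</desc>";
    const char *bad = "<title>Away<desc>At lunch</desc>";  /* no </title> */
    char buf[64];

    printf("ok title:  %d\n", xstatus_extract(ok, "title", buf, sizeof buf));
    printf("bad title: %d\n", xstatus_extract(bad, "title", buf, sizeof buf));
    printf("bad desc:  %d\n", xstatus_extract(bad, "desc", buf, sizeof buf));
    return 0;
}
```

A message whose element is unterminated is rejected with -1 instead of being passed on to length arithmetic or a copy.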
