Message-Id: <E1P8vkQ-0000wp-5D@titan.mandriva.com>
Date: Thu, 21 Oct 2010 16:04:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:208 ] pidgin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:208
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : October 21, 2010
 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A security vulnerability has been identified and fixed in pidgin:
 
 It has been discovered that eight denial of service conditions exist
 in libpurple, all due to insufficient validation of the return value
 from purple_base64_decode(). Invalid or malformed data received in
 place of a valid base64-encoded value in portions of the Yahoo!, MSN,
 MySpaceIM, and XMPP protocol plugins and the NTLM authentication
 support triggers a crash. These vulnerabilities can be leveraged by
 a remote user for denial of service (CVE-2010-3711).
 
 Packages for 2009.0 are provided as part of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 This update provides pidgin 2.7.4, which is not vulnerable to this
 issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3711
 http://pidgin.im/news/security/
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMwBiXmqjQ0CJFipgRArZLAJ9MkstXEpf0wj8nL8m/aDOLvKKXOwCgtval
x98T648MTl8HJWgM8MyrXD0=
=fx41
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
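
The defect class named in the Problem Description, validating a base64 decoder's return value before use, is shown below as an added example; it is not code from the advisory or from libpurple. b64_decode() is a hypothetical stand-in for purple_base64_decode(), assumed to return NULL on malformed input, and parse_msg_type() is a constructed, simplified caller.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;   /* -1: not in alphabet */
}

/* Hypothetical stand-in for a decoder like purple_base64_decode():
 * returns a malloc'd buffer, or NULL with *out_len == 0 on malformed input. */
unsigned char *b64_decode(const char *in, size_t *out_len) {
    size_t n = strlen(in), pad = 0, o = 0;
    *out_len = 0;
    if (n == 0 || n % 4 != 0) return NULL;
    if (in[n - 1] == '=') pad = (in[n - 2] == '=') ? 2 : 1;
    unsigned char *out = malloc(n / 4 * 3);
    if (!out) return NULL;
    for (size_t i = 0; i < n; i += 4) {
        uint32_t acc = 0;
        for (size_t j = 0; j < 4; j++) {
            int v = (i + j >= n - pad) ? 0 : b64_val((unsigned char)in[i + j]);
            if (v < 0) { free(out); return NULL; }
            acc = (acc << 6) | (uint32_t)v;
        }
        out[o++] = (unsigned char)(acc >> 16);
        out[o++] = (unsigned char)(acc >> 8);
        out[o++] = (unsigned char)acc;
    }
    *out_len = o - pad;
    return out;
}

/* Constructed caller: returns the little-endian message type that follows an
 * 8-byte "NTLMSSP\0" signature, or -1 if the peer's data is not usable. */
long parse_msg_type(const char *b64_from_peer) {
    size_t len;
    unsigned char *buf = b64_decode(b64_from_peer, &len);
    /* Validate the decoder's return value before touching the buffer, then
     * the decoded length before reading fixed offsets. */
    if (buf == NULL || len < 12 || memcmp(buf, "NTLMSSP", 8) != 0) {
        free(buf); return -1;
    }
    long type = buf[8] | buf[9] << 8 | buf[10] << 16 | (long)buf[11] << 24;
    free(buf);
    return type;
}
```

A caller that skips the NULL and length checks and reads buf[8] directly is the pattern that turns malformed peer data into a crash.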
