Message-Id: <E1P8vkQ-0000wp-5D@titan.mandriva.com>
Date: Thu, 21 Oct 2010 16:04:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:208 ] pidgin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:208
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pidgin
Date : October 21, 2010
Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:

A security vulnerability has been identified and fixed in pidgin:

It has been discovered that eight denial of service conditions exist
in libpurple, all due to insufficient validation of the return value
from purple_base64_decode(). Invalid or malformed data received in
place of a valid base64-encoded value in portions of the Yahoo!, MSN,
MySpaceIM, and XMPP protocol plugins and the NTLM authentication
support trigger a crash. These vulnerabilities can be leveraged by
a remote user for denial of service (CVE-2010-3711).

Packages for 2009.0 are provided as part of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

This update provides pidgin 2.7.4, which is not vulnerable to this
issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3711
http://pidgin.im/news/security/
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMwBiXmqjQ0CJFipgRArZLAJ9MkstXEpf0wj8nL8m/aDOLvKKXOwCgtval
x98T648MTl8HJWgM8MyrXD0=
=fx41
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
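
The bug class named in the Problem Description, as an added C example that is not part of the Mandriva advisory and is not libpurple source. b64_decode() is a stand-in for a decoder that returns NULL on malformed input; read_challenge() and CHALLENGE_LEN are hypothetical names for a caller that validates the result before using it.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in decoder (not libpurple code): NULL on malformed input. */
static unsigned char *b64_decode(const char *str, size_t *ret_len)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t n = str ? strlen(str) : 0, o = 0;
    *ret_len = 0;
    if (n == 0 || n % 4 != 0) return NULL;
    unsigned char *out = malloc(n / 4 * 3);
    if (!out) return NULL;
    for (size_t i = 0; i < n; i += 4) {
        uint32_t v = 0; int pad = 0;
        for (int j = 0; j < 4; j++) {
            char c = str[i + j];
            const char *p = (c != '=') ? strchr(tbl, c) : NULL;
            if (c == '=' && i + 4 == n && j >= 2) pad++;  /* '=' only ends the last quad */
            else if (p && !pad) v |= (uint32_t)(p - tbl) << (18 - 6 * j);
            else { free(out); return NULL; }              /* bad character */
        }
        out[o++] = (unsigned char)(v >> 16);
        if (pad < 2) out[o++] = (unsigned char)(v >> 8);
        if (pad < 1) out[o++] = (unsigned char)v;
    }
    *ret_len = o;
    return out;
}

#define CHALLENGE_LEN 8 /* hypothetical fixed-size field for this example */
/* Hardened caller: returns 0 on success, -1 if the field is rejected. */
static int read_challenge(const char *field, unsigned char dst[CHALLENGE_LEN])
{
    size_t len;
    unsigned char *raw = b64_decode(field, &len);
    /* Unchecked code would copy from raw here; with raw == NULL it crashes. */
    if (raw == NULL || len < CHALLENGE_LEN) { free(raw); return -1; }
    memcpy(dst, raw, CHALLENGE_LEN);
    free(raw);
    return 0;
}

int main(void)
{
    unsigned char c[CHALLENGE_LEN];
    return (read_challenge("AAECAwQFBgc=", c) == 0 && read_challenge("!!!!", c) == -1) ? 0 : 1;
}
```

The length check matters as much as the NULL check: a field that decodes cleanly but is shorter than the caller expects is rejected too.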