[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PVrTB-0000Y5-F8@titan.mandriva.com>
Date: Thu, 23 Dec 2010 21:09:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:259 ] pidgin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:259
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pidgin
Date : December 23, 2010
Affected: 2009.0, 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
A null pointer dereference due to receiving a short packet for a direct
connection in the MSN code could potentially cause a denial of service.
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
This update provides pidgin 2.7.8 that has been patched to address
this flaw.
_______________________________________________________________________
References:
http://pidgin.im/news/security/
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
c268cfea5df24d94a1fce4ed9e9c8e2b 2009.0/i586/finch-2.7.8-0.2mdv2009.0.i586.rpm
1b83a79a24630273cb0fd6de36063d01 2009.0/i586/libfinch0-2.7.8-0.2mdv2009.0.i586.rpm
5ac73ba5e6b8f422fdd2dc8216112072 2009.0/i586/libpurple0-2.7.8-0.2mdv2009.0.i586.rpm
297f0cdd8b87c5cd4909c3c6fbe1ac31 2009.0/i586/libpurple-devel-2.7.8-0.2mdv2009.0.i586.rpm
e57619f18b1e859ee22631c2f393be6b 2009.0/i586/pidgin-2.7.8-0.2mdv2009.0.i586.rpm
0b317674aa0aa78c7b2601ebd66ef886 2009.0/i586/pidgin-bonjour-2.7.8-0.2mdv2009.0.i586.rpm
e2e068ed1acc961c256fb5fb3a6bc4a7 2009.0/i586/pidgin-client-2.7.8-0.2mdv2009.0.i586.rpm
409b5693a3d350d54a6b1b07dcfe4e88 2009.0/i586/pidgin-gevolution-2.7.8-0.2mdv2009.0.i586.rpm
64d503c98a0048ecae1f6959e1902c7b 2009.0/i586/pidgin-i18n-2.7.8-0.2mdv2009.0.i586.rpm
2fd2ea0ba84497c5dd778b8a4996a446 2009.0/i586/pidgin-meanwhile-2.7.8-0.2mdv2009.0.i586.rpm
195a0fca668c2cb8b049aa2f878d6b99 2009.0/i586/pidgin-perl-2.7.8-0.2mdv2009.0.i586.rpm
eab1d0f42237cb2de2bf0dcdb60c01f5 2009.0/i586/pidgin-plugins-2.7.8-0.2mdv2009.0.i586.rpm
df33bb5b86bd903aa82e31b3ae2c7405 2009.0/i586/pidgin-silc-2.7.8-0.2mdv2009.0.i586.rpm
356ff080f65bc0e6dbff9f3292ab35ed 2009.0/i586/pidgin-tcl-2.7.8-0.2mdv2009.0.i586.rpm
6fe3a267b0c994c98252defc0229d73f 2009.0/SRPMS/pidgin-2.7.8-0.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
07cbd9d2d40cb069ea315cb55dc1d5b9 2009.0/x86_64/finch-2.7.8-0.2mdv2009.0.x86_64.rpm
2759f7a76653f15d33e23828041e775d 2009.0/x86_64/lib64finch0-2.7.8-0.2mdv2009.0.x86_64.rpm
f120e2602535fdd5736a3f0051d97648 2009.0/x86_64/lib64purple0-2.7.8-0.2mdv2009.0.x86_64.rpm
c477958fdb03426af9cd29a7da91373d 2009.0/x86_64/lib64purple-devel-2.7.8-0.2mdv2009.0.x86_64.rpm
e7d575b135dc40ffe447e85958e89f0f 2009.0/x86_64/pidgin-2.7.8-0.2mdv2009.0.x86_64.rpm
0ba47012d00f1682c00fd9b87072129e 2009.0/x86_64/pidgin-bonjour-2.7.8-0.2mdv2009.0.x86_64.rpm
55eeaf467e82d003abf5de61b65f5ae0 2009.0/x86_64/pidgin-client-2.7.8-0.2mdv2009.0.x86_64.rpm
4478c7c5301da7fcb78c989eb18d9497 2009.0/x86_64/pidgin-gevolution-2.7.8-0.2mdv2009.0.x86_64.rpm
448777d63afc82270d18b2a99fa5294a 2009.0/x86_64/pidgin-i18n-2.7.8-0.2mdv2009.0.x86_64.rpm
51080c450cb241977de0a5c94564c368 2009.0/x86_64/pidgin-meanwhile-2.7.8-0.2mdv2009.0.x86_64.rpm
7e8cb3ebcd3b71134ee00761766d6407 2009.0/x86_64/pidgin-perl-2.7.8-0.2mdv2009.0.x86_64.rpm
2f06b7d807934fdb4a3ada32e7e1dcc7 2009.0/x86_64/pidgin-plugins-2.7.8-0.2mdv2009.0.x86_64.rpm
123067587dab1f25871be80313bba3c5 2009.0/x86_64/pidgin-silc-2.7.8-0.2mdv2009.0.x86_64.rpm
d7d55cb2e4ca769ea94a3a44690bc7d1 2009.0/x86_64/pidgin-tcl-2.7.8-0.2mdv2009.0.x86_64.rpm
6fe3a267b0c994c98252defc0229d73f 2009.0/SRPMS/pidgin-2.7.8-0.2mdv2009.0.src.rpm
Mandriva Linux 2010.0:
9c7d51a088df133d4caa4b8059ba821a 2010.0/i586/finch-2.7.8-0.2mdv2010.0.i586.rpm
8dedd9ee7739e0ed384df88f63501412 2010.0/i586/libfinch0-2.7.8-0.2mdv2010.0.i586.rpm
f67e74064a653bb9a2812eb78a307cff 2010.0/i586/libpurple0-2.7.8-0.2mdv2010.0.i586.rpm
3483a4e99e028e5b09ea0165b176c037 2010.0/i586/libpurple-devel-2.7.8-0.2mdv2010.0.i586.rpm
5117c80ad19c56b39280f7c3dfdd1872 2010.0/i586/pidgin-2.7.8-0.2mdv2010.0.i586.rpm
dc33975bc058eb24168e029967889c5b 2010.0/i586/pidgin-bonjour-2.7.8-0.2mdv2010.0.i586.rpm
b9104754d162f03f083da877997c9150 2010.0/i586/pidgin-client-2.7.8-0.2mdv2010.0.i586.rpm
1013da7e359b8cc576ebea1aebbfcce6 2010.0/i586/pidgin-i18n-2.7.8-0.2mdv2010.0.i586.rpm
a686ada4efeea86b8bff3b1a861084f3 2010.0/i586/pidgin-meanwhile-2.7.8-0.2mdv2010.0.i586.rpm
361dc60eeeabf18fe147aa636c94c04f 2010.0/i586/pidgin-perl-2.7.8-0.2mdv2010.0.i586.rpm
a001335057f3aebd6733378469d58871 2010.0/i586/pidgin-plugins-2.7.8-0.2mdv2010.0.i586.rpm
0cdc172b5dc0b62f0468c4ed00a4141d 2010.0/i586/pidgin-silc-2.7.8-0.2mdv2010.0.i586.rpm
6d09b87891d3b38b4b7a70a6a69261d2 2010.0/i586/pidgin-tcl-2.7.8-0.2mdv2010.0.i586.rpm
87d1c35adea182f5c6fbd187e8815858 2010.0/SRPMS/pidgin-2.7.8-0.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
b40f56b630365c00a97ead18ec967d61 2010.0/x86_64/finch-2.7.8-0.2mdv2010.0.x86_64.rpm
e525ea790b597c5cbf604ab2932181d3 2010.0/x86_64/lib64finch0-2.7.8-0.2mdv2010.0.x86_64.rpm
020dcc6b1e591706f3e99834744518f2 2010.0/x86_64/lib64purple0-2.7.8-0.2mdv2010.0.x86_64.rpm
b1cedf83cc51349125bd7a2d76989077 2010.0/x86_64/lib64purple-devel-2.7.8-0.2mdv2010.0.x86_64.rpm
a18a5c874f8c3b592cfe61d83f6e6e99 2010.0/x86_64/pidgin-2.7.8-0.2mdv2010.0.x86_64.rpm
fa88e960d1d7c57702c2210959008b1c 2010.0/x86_64/pidgin-bonjour-2.7.8-0.2mdv2010.0.x86_64.rpm
3286b40bd1d4462856d2b5a34bb0916d 2010.0/x86_64/pidgin-client-2.7.8-0.2mdv2010.0.x86_64.rpm
049edf51e477cb91f384570ab5ff01d3 2010.0/x86_64/pidgin-i18n-2.7.8-0.2mdv2010.0.x86_64.rpm
2b760a08fd10db1ef5411885ee694193 2010.0/x86_64/pidgin-meanwhile-2.7.8-0.2mdv2010.0.x86_64.rpm
adf7a8859788c1ca68631b75be60d299 2010.0/x86_64/pidgin-perl-2.7.8-0.2mdv2010.0.x86_64.rpm
df51e790321048b97335e725e9c6d7df 2010.0/x86_64/pidgin-plugins-2.7.8-0.2mdv2010.0.x86_64.rpm
829687c6a8d5fa0f760f765343e4c200 2010.0/x86_64/pidgin-silc-2.7.8-0.2mdv2010.0.x86_64.rpm
b3502ec93ebd6e958505e63aae5686b1 2010.0/x86_64/pidgin-tcl-2.7.8-0.2mdv2010.0.x86_64.rpm
87d1c35adea182f5c6fbd187e8815858 2010.0/SRPMS/pidgin-2.7.8-0.2mdv2010.0.src.rpm
Mandriva Linux 2010.1:
74cb4cf9b5aa4b94a0147d66ac22349d 2010.1/i586/finch-2.7.8-0.2mdv2010.2.i586.rpm
f90711256198922fc34e4edba05652d6 2010.1/i586/libfinch0-2.7.8-0.2mdv2010.2.i586.rpm
9379d5da89a47d4eeeeafe59f4c4f4ff 2010.1/i586/libpurple0-2.7.8-0.2mdv2010.2.i586.rpm
34b5a59ee270f2be0cbe260c3707d219 2010.1/i586/libpurple-devel-2.7.8-0.2mdv2010.2.i586.rpm
0b26de9d7b8d39a1a8cf58c759dc3af8 2010.1/i586/pidgin-2.7.8-0.2mdv2010.2.i586.rpm
d7bcff42749fe39a4bd89fe4201b1485 2010.1/i586/pidgin-bonjour-2.7.8-0.2mdv2010.2.i586.rpm
2b683a5458cc9e3ae3793079c5df938e 2010.1/i586/pidgin-client-2.7.8-0.2mdv2010.2.i586.rpm
f79a2b1ba4eb21995e267ebc2860f341 2010.1/i586/pidgin-i18n-2.7.8-0.2mdv2010.2.i586.rpm
8012ea3e2586f501e4f34c2b9f9e89f2 2010.1/i586/pidgin-meanwhile-2.7.8-0.2mdv2010.2.i586.rpm
769754a61349368f329675f806824ace 2010.1/i586/pidgin-perl-2.7.8-0.2mdv2010.2.i586.rpm
97f2b9be94a0dd401d7ecfcf8eb69fbb 2010.1/i586/pidgin-plugins-2.7.8-0.2mdv2010.2.i586.rpm
c91962801f9650181c0283a02b31b21b 2010.1/i586/pidgin-silc-2.7.8-0.2mdv2010.2.i586.rpm
0543ee22ba84e863e6ab99d226484c18 2010.1/i586/pidgin-tcl-2.7.8-0.2mdv2010.2.i586.rpm
9d7f4179011f3aca5b673dbafd2c3468 2010.1/SRPMS/pidgin-2.7.8-0.2mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
117d8a76e2ea3fac0a3cca25bd28bf9b 2010.1/x86_64/finch-2.7.8-0.2mdv2010.2.x86_64.rpm
cc024e6b5d6eee9041e90360f55b3b04 2010.1/x86_64/lib64finch0-2.7.8-0.2mdv2010.2.x86_64.rpm
e790365c65924586f6c2b643b24952b2 2010.1/x86_64/lib64purple0-2.7.8-0.2mdv2010.2.x86_64.rpm
53c6c2eff7bfbceaec92a8df6b64d30b 2010.1/x86_64/lib64purple-devel-2.7.8-0.2mdv2010.2.x86_64.rpm
00b22964d5b593c6f904902f450ba1ae 2010.1/x86_64/pidgin-2.7.8-0.2mdv2010.2.x86_64.rpm
dee39f6e286eb489f117ecaf57ef499e 2010.1/x86_64/pidgin-bonjour-2.7.8-0.2mdv2010.2.x86_64.rpm
c8d020fc2e2e05d1a3352963cfa0dc0a 2010.1/x86_64/pidgin-client-2.7.8-0.2mdv2010.2.x86_64.rpm
7fa14a0098feab1c02697c841b3796c2 2010.1/x86_64/pidgin-i18n-2.7.8-0.2mdv2010.2.x86_64.rpm
bad46d7ca81d3d46f339bfedeced5348 2010.1/x86_64/pidgin-meanwhile-2.7.8-0.2mdv2010.2.x86_64.rpm
d25554d56b875228e4472ef3e23224c4 2010.1/x86_64/pidgin-perl-2.7.8-0.2mdv2010.2.x86_64.rpm
bc14015efb24f82dc4a2524a8c64cf21 2010.1/x86_64/pidgin-plugins-2.7.8-0.2mdv2010.2.x86_64.rpm
f4e7f1a997442b5ebb7bdb32460cd877 2010.1/x86_64/pidgin-silc-2.7.8-0.2mdv2010.2.x86_64.rpm
b97e549eed5ea9019a4c3cc5a79afb51 2010.1/x86_64/pidgin-tcl-2.7.8-0.2mdv2010.2.x86_64.rpm
9d7f4179011f3aca5b673dbafd2c3468 2010.1/SRPMS/pidgin-2.7.8-0.2mdv2010.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNE32zmqjQ0CJFipgRAp5DAJ4rRDognZZUglx90OtRDadsUugqFACdG1+V
xdqR0lhSNp11SBo1zX9I/U4=
=iBBx
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists