lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PVrTB-0000Y5-F8@titan.mandriva.com>
Date: Thu, 23 Dec 2010 21:09:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:259 ] pidgin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:259
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : December 23, 2010
 Affected: 2009.0, 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A null pointer dereference due to receiving a short packet for a direct
 connection in the MSN code could potentially cause a denial of service.
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 This update provides pidgin 2.7.8 that has been patched to address
 this flaw.
 _______________________________________________________________________

 References:

 http://pidgin.im/news/security/
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 c268cfea5df24d94a1fce4ed9e9c8e2b  2009.0/i586/finch-2.7.8-0.2mdv2009.0.i586.rpm
 1b83a79a24630273cb0fd6de36063d01  2009.0/i586/libfinch0-2.7.8-0.2mdv2009.0.i586.rpm
 5ac73ba5e6b8f422fdd2dc8216112072  2009.0/i586/libpurple0-2.7.8-0.2mdv2009.0.i586.rpm
 297f0cdd8b87c5cd4909c3c6fbe1ac31  2009.0/i586/libpurple-devel-2.7.8-0.2mdv2009.0.i586.rpm
 e57619f18b1e859ee22631c2f393be6b  2009.0/i586/pidgin-2.7.8-0.2mdv2009.0.i586.rpm
 0b317674aa0aa78c7b2601ebd66ef886  2009.0/i586/pidgin-bonjour-2.7.8-0.2mdv2009.0.i586.rpm
 e2e068ed1acc961c256fb5fb3a6bc4a7  2009.0/i586/pidgin-client-2.7.8-0.2mdv2009.0.i586.rpm
 409b5693a3d350d54a6b1b07dcfe4e88  2009.0/i586/pidgin-gevolution-2.7.8-0.2mdv2009.0.i586.rpm
 64d503c98a0048ecae1f6959e1902c7b  2009.0/i586/pidgin-i18n-2.7.8-0.2mdv2009.0.i586.rpm
 2fd2ea0ba84497c5dd778b8a4996a446  2009.0/i586/pidgin-meanwhile-2.7.8-0.2mdv2009.0.i586.rpm
 195a0fca668c2cb8b049aa2f878d6b99  2009.0/i586/pidgin-perl-2.7.8-0.2mdv2009.0.i586.rpm
 eab1d0f42237cb2de2bf0dcdb60c01f5  2009.0/i586/pidgin-plugins-2.7.8-0.2mdv2009.0.i586.rpm
 df33bb5b86bd903aa82e31b3ae2c7405  2009.0/i586/pidgin-silc-2.7.8-0.2mdv2009.0.i586.rpm
 356ff080f65bc0e6dbff9f3292ab35ed  2009.0/i586/pidgin-tcl-2.7.8-0.2mdv2009.0.i586.rpm 
 6fe3a267b0c994c98252defc0229d73f  2009.0/SRPMS/pidgin-2.7.8-0.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 07cbd9d2d40cb069ea315cb55dc1d5b9  2009.0/x86_64/finch-2.7.8-0.2mdv2009.0.x86_64.rpm
 2759f7a76653f15d33e23828041e775d  2009.0/x86_64/lib64finch0-2.7.8-0.2mdv2009.0.x86_64.rpm
 f120e2602535fdd5736a3f0051d97648  2009.0/x86_64/lib64purple0-2.7.8-0.2mdv2009.0.x86_64.rpm
 c477958fdb03426af9cd29a7da91373d  2009.0/x86_64/lib64purple-devel-2.7.8-0.2mdv2009.0.x86_64.rpm
 e7d575b135dc40ffe447e85958e89f0f  2009.0/x86_64/pidgin-2.7.8-0.2mdv2009.0.x86_64.rpm
 0ba47012d00f1682c00fd9b87072129e  2009.0/x86_64/pidgin-bonjour-2.7.8-0.2mdv2009.0.x86_64.rpm
 55eeaf467e82d003abf5de61b65f5ae0  2009.0/x86_64/pidgin-client-2.7.8-0.2mdv2009.0.x86_64.rpm
 4478c7c5301da7fcb78c989eb18d9497  2009.0/x86_64/pidgin-gevolution-2.7.8-0.2mdv2009.0.x86_64.rpm
 448777d63afc82270d18b2a99fa5294a  2009.0/x86_64/pidgin-i18n-2.7.8-0.2mdv2009.0.x86_64.rpm
 51080c450cb241977de0a5c94564c368  2009.0/x86_64/pidgin-meanwhile-2.7.8-0.2mdv2009.0.x86_64.rpm
 7e8cb3ebcd3b71134ee00761766d6407  2009.0/x86_64/pidgin-perl-2.7.8-0.2mdv2009.0.x86_64.rpm
 2f06b7d807934fdb4a3ada32e7e1dcc7  2009.0/x86_64/pidgin-plugins-2.7.8-0.2mdv2009.0.x86_64.rpm
 123067587dab1f25871be80313bba3c5  2009.0/x86_64/pidgin-silc-2.7.8-0.2mdv2009.0.x86_64.rpm
 d7d55cb2e4ca769ea94a3a44690bc7d1  2009.0/x86_64/pidgin-tcl-2.7.8-0.2mdv2009.0.x86_64.rpm 
 6fe3a267b0c994c98252defc0229d73f  2009.0/SRPMS/pidgin-2.7.8-0.2mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 9c7d51a088df133d4caa4b8059ba821a  2010.0/i586/finch-2.7.8-0.2mdv2010.0.i586.rpm
 8dedd9ee7739e0ed384df88f63501412  2010.0/i586/libfinch0-2.7.8-0.2mdv2010.0.i586.rpm
 f67e74064a653bb9a2812eb78a307cff  2010.0/i586/libpurple0-2.7.8-0.2mdv2010.0.i586.rpm
 3483a4e99e028e5b09ea0165b176c037  2010.0/i586/libpurple-devel-2.7.8-0.2mdv2010.0.i586.rpm
 5117c80ad19c56b39280f7c3dfdd1872  2010.0/i586/pidgin-2.7.8-0.2mdv2010.0.i586.rpm
 dc33975bc058eb24168e029967889c5b  2010.0/i586/pidgin-bonjour-2.7.8-0.2mdv2010.0.i586.rpm
 b9104754d162f03f083da877997c9150  2010.0/i586/pidgin-client-2.7.8-0.2mdv2010.0.i586.rpm
 1013da7e359b8cc576ebea1aebbfcce6  2010.0/i586/pidgin-i18n-2.7.8-0.2mdv2010.0.i586.rpm
 a686ada4efeea86b8bff3b1a861084f3  2010.0/i586/pidgin-meanwhile-2.7.8-0.2mdv2010.0.i586.rpm
 361dc60eeeabf18fe147aa636c94c04f  2010.0/i586/pidgin-perl-2.7.8-0.2mdv2010.0.i586.rpm
 a001335057f3aebd6733378469d58871  2010.0/i586/pidgin-plugins-2.7.8-0.2mdv2010.0.i586.rpm
 0cdc172b5dc0b62f0468c4ed00a4141d  2010.0/i586/pidgin-silc-2.7.8-0.2mdv2010.0.i586.rpm
 6d09b87891d3b38b4b7a70a6a69261d2  2010.0/i586/pidgin-tcl-2.7.8-0.2mdv2010.0.i586.rpm 
 87d1c35adea182f5c6fbd187e8815858  2010.0/SRPMS/pidgin-2.7.8-0.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 b40f56b630365c00a97ead18ec967d61  2010.0/x86_64/finch-2.7.8-0.2mdv2010.0.x86_64.rpm
 e525ea790b597c5cbf604ab2932181d3  2010.0/x86_64/lib64finch0-2.7.8-0.2mdv2010.0.x86_64.rpm
 020dcc6b1e591706f3e99834744518f2  2010.0/x86_64/lib64purple0-2.7.8-0.2mdv2010.0.x86_64.rpm
 b1cedf83cc51349125bd7a2d76989077  2010.0/x86_64/lib64purple-devel-2.7.8-0.2mdv2010.0.x86_64.rpm
 a18a5c874f8c3b592cfe61d83f6e6e99  2010.0/x86_64/pidgin-2.7.8-0.2mdv2010.0.x86_64.rpm
 fa88e960d1d7c57702c2210959008b1c  2010.0/x86_64/pidgin-bonjour-2.7.8-0.2mdv2010.0.x86_64.rpm
 3286b40bd1d4462856d2b5a34bb0916d  2010.0/x86_64/pidgin-client-2.7.8-0.2mdv2010.0.x86_64.rpm
 049edf51e477cb91f384570ab5ff01d3  2010.0/x86_64/pidgin-i18n-2.7.8-0.2mdv2010.0.x86_64.rpm
 2b760a08fd10db1ef5411885ee694193  2010.0/x86_64/pidgin-meanwhile-2.7.8-0.2mdv2010.0.x86_64.rpm
 adf7a8859788c1ca68631b75be60d299  2010.0/x86_64/pidgin-perl-2.7.8-0.2mdv2010.0.x86_64.rpm
 df51e790321048b97335e725e9c6d7df  2010.0/x86_64/pidgin-plugins-2.7.8-0.2mdv2010.0.x86_64.rpm
 829687c6a8d5fa0f760f765343e4c200  2010.0/x86_64/pidgin-silc-2.7.8-0.2mdv2010.0.x86_64.rpm
 b3502ec93ebd6e958505e63aae5686b1  2010.0/x86_64/pidgin-tcl-2.7.8-0.2mdv2010.0.x86_64.rpm 
 87d1c35adea182f5c6fbd187e8815858  2010.0/SRPMS/pidgin-2.7.8-0.2mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 74cb4cf9b5aa4b94a0147d66ac22349d  2010.1/i586/finch-2.7.8-0.2mdv2010.2.i586.rpm
 f90711256198922fc34e4edba05652d6  2010.1/i586/libfinch0-2.7.8-0.2mdv2010.2.i586.rpm
 9379d5da89a47d4eeeeafe59f4c4f4ff  2010.1/i586/libpurple0-2.7.8-0.2mdv2010.2.i586.rpm
 34b5a59ee270f2be0cbe260c3707d219  2010.1/i586/libpurple-devel-2.7.8-0.2mdv2010.2.i586.rpm
 0b26de9d7b8d39a1a8cf58c759dc3af8  2010.1/i586/pidgin-2.7.8-0.2mdv2010.2.i586.rpm
 d7bcff42749fe39a4bd89fe4201b1485  2010.1/i586/pidgin-bonjour-2.7.8-0.2mdv2010.2.i586.rpm
 2b683a5458cc9e3ae3793079c5df938e  2010.1/i586/pidgin-client-2.7.8-0.2mdv2010.2.i586.rpm
 f79a2b1ba4eb21995e267ebc2860f341  2010.1/i586/pidgin-i18n-2.7.8-0.2mdv2010.2.i586.rpm
 8012ea3e2586f501e4f34c2b9f9e89f2  2010.1/i586/pidgin-meanwhile-2.7.8-0.2mdv2010.2.i586.rpm
 769754a61349368f329675f806824ace  2010.1/i586/pidgin-perl-2.7.8-0.2mdv2010.2.i586.rpm
 97f2b9be94a0dd401d7ecfcf8eb69fbb  2010.1/i586/pidgin-plugins-2.7.8-0.2mdv2010.2.i586.rpm
 c91962801f9650181c0283a02b31b21b  2010.1/i586/pidgin-silc-2.7.8-0.2mdv2010.2.i586.rpm
 0543ee22ba84e863e6ab99d226484c18  2010.1/i586/pidgin-tcl-2.7.8-0.2mdv2010.2.i586.rpm 
 9d7f4179011f3aca5b673dbafd2c3468  2010.1/SRPMS/pidgin-2.7.8-0.2mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 117d8a76e2ea3fac0a3cca25bd28bf9b  2010.1/x86_64/finch-2.7.8-0.2mdv2010.2.x86_64.rpm
 cc024e6b5d6eee9041e90360f55b3b04  2010.1/x86_64/lib64finch0-2.7.8-0.2mdv2010.2.x86_64.rpm
 e790365c65924586f6c2b643b24952b2  2010.1/x86_64/lib64purple0-2.7.8-0.2mdv2010.2.x86_64.rpm
 53c6c2eff7bfbceaec92a8df6b64d30b  2010.1/x86_64/lib64purple-devel-2.7.8-0.2mdv2010.2.x86_64.rpm
 00b22964d5b593c6f904902f450ba1ae  2010.1/x86_64/pidgin-2.7.8-0.2mdv2010.2.x86_64.rpm
 dee39f6e286eb489f117ecaf57ef499e  2010.1/x86_64/pidgin-bonjour-2.7.8-0.2mdv2010.2.x86_64.rpm
 c8d020fc2e2e05d1a3352963cfa0dc0a  2010.1/x86_64/pidgin-client-2.7.8-0.2mdv2010.2.x86_64.rpm
 7fa14a0098feab1c02697c841b3796c2  2010.1/x86_64/pidgin-i18n-2.7.8-0.2mdv2010.2.x86_64.rpm
 bad46d7ca81d3d46f339bfedeced5348  2010.1/x86_64/pidgin-meanwhile-2.7.8-0.2mdv2010.2.x86_64.rpm
 d25554d56b875228e4472ef3e23224c4  2010.1/x86_64/pidgin-perl-2.7.8-0.2mdv2010.2.x86_64.rpm
 bc14015efb24f82dc4a2524a8c64cf21  2010.1/x86_64/pidgin-plugins-2.7.8-0.2mdv2010.2.x86_64.rpm
 f4e7f1a997442b5ebb7bdb32460cd877  2010.1/x86_64/pidgin-silc-2.7.8-0.2mdv2010.2.x86_64.rpm
 b97e549eed5ea9019a4c3cc5a79afb51  2010.1/x86_64/pidgin-tcl-2.7.8-0.2mdv2010.2.x86_64.rpm 
 9d7f4179011f3aca5b673dbafd2c3468  2010.1/SRPMS/pidgin-2.7.8-0.2mdv2010.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNE32zmqjQ0CJFipgRAp5DAJ4rRDognZZUglx90OtRDadsUugqFACdG1+V
xdqR0lhSNp11SBo1zX9I/U4=
=iBBx
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ