lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Q1f1c-0006up-Rl@titan.mandriva.com>
Date: Mon, 21 Mar 2011 14:20:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:050 ] pidgin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:050
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : March 21, 2011
 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been identified and fixed in pidgin:
 
 It was discovered that libpurple versions prior to 2.7.10 do not
 properly clear certain data structures used in libpurple/cipher.c
 prior to freeing. An attacker could potentially extract partial
 information from memory regions freed by libpurple.
 
 The Yahoo protocol plugin in libpurple versions 2.6.0 through 2.7.10
 do not properly handle malformed YMSG packets, leading to NULL pointer
 dereferences and application crash (CVE-2011-1091).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490
 
 This update provides pidgin 2.7.11, which is not vulnerable to
 these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1091
 http://pidgin.im/news/security/
 http://www.pidgin.im/news/security/?id=50
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 02272c0ea45399b7de8c5ad91769ccaf  2009.0/i586/finch-2.7.11-0.2mdv2009.0.i586.rpm
 a56eb1e6da24916ddfd63c1538aaf0bc  2009.0/i586/libfinch0-2.7.11-0.2mdv2009.0.i586.rpm
 b4ea5510c4d97b27067f24d9c96e1212  2009.0/i586/libpurple0-2.7.11-0.2mdv2009.0.i586.rpm
 f77ab49a70a4f5db1b24cfa795ee5eb9  2009.0/i586/libpurple-devel-2.7.11-0.2mdv2009.0.i586.rpm
 f0b2306c0998d4b09a983e663c786193  2009.0/i586/pidgin-2.7.11-0.2mdv2009.0.i586.rpm
 f2789d7667315b04d15db7e3b5197158  2009.0/i586/pidgin-bonjour-2.7.11-0.2mdv2009.0.i586.rpm
 12930ae763926350b49c6b34c83193d2  2009.0/i586/pidgin-client-2.7.11-0.2mdv2009.0.i586.rpm
 13626e83a07a7b9326c9ce4e4e815a38  2009.0/i586/pidgin-gevolution-2.7.11-0.2mdv2009.0.i586.rpm
 4b6aa19ce16ef38993f8a9e31d516841  2009.0/i586/pidgin-i18n-2.7.11-0.2mdv2009.0.i586.rpm
 c6cbde47277d8b8e0bb41ee287498def  2009.0/i586/pidgin-meanwhile-2.7.11-0.2mdv2009.0.i586.rpm
 55de9d811460b4425ec33ee5cb5e9ada  2009.0/i586/pidgin-perl-2.7.11-0.2mdv2009.0.i586.rpm
 85d7cfca3d002b0e104ebe63c7707e86  2009.0/i586/pidgin-plugins-2.7.11-0.2mdv2009.0.i586.rpm
 46523f4fc58ee90f81d114ceac2c3194  2009.0/i586/pidgin-silc-2.7.11-0.2mdv2009.0.i586.rpm
 13434680dc34880f9cacbb8433c6068d  2009.0/i586/pidgin-tcl-2.7.11-0.2mdv2009.0.i586.rpm 
 482d48fd33b0456e45fdc967065b034f  2009.0/SRPMS/pidgin-2.7.11-0.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 5526e0654879e71c6067cf50d4eccff2  2009.0/x86_64/finch-2.7.11-0.2mdv2009.0.x86_64.rpm
 305546197e6a9f2d183726ebc7f5f03c  2009.0/x86_64/lib64finch0-2.7.11-0.2mdv2009.0.x86_64.rpm
 4026ea992e4e581621e9385dd33fec66  2009.0/x86_64/lib64purple0-2.7.11-0.2mdv2009.0.x86_64.rpm
 d30572d27b4dadb1078bf5481840c0db  2009.0/x86_64/lib64purple-devel-2.7.11-0.2mdv2009.0.x86_64.rpm
 e010842b726c6678f9e80511deb82f56  2009.0/x86_64/pidgin-2.7.11-0.2mdv2009.0.x86_64.rpm
 730ca0d8a3a8c88a128628237c29ce98  2009.0/x86_64/pidgin-bonjour-2.7.11-0.2mdv2009.0.x86_64.rpm
 91419b735a9179fa1e375a4b423ddbd9  2009.0/x86_64/pidgin-client-2.7.11-0.2mdv2009.0.x86_64.rpm
 15ffd7a64f98234b8630385195a8d8ca  2009.0/x86_64/pidgin-gevolution-2.7.11-0.2mdv2009.0.x86_64.rpm
 918fddb097cc3eb188de6d7f03c860c8  2009.0/x86_64/pidgin-i18n-2.7.11-0.2mdv2009.0.x86_64.rpm
 014c5daf75ca00977a2fd579cf39cda5  2009.0/x86_64/pidgin-meanwhile-2.7.11-0.2mdv2009.0.x86_64.rpm
 cd78ed435f6776883b519b74201c29b5  2009.0/x86_64/pidgin-perl-2.7.11-0.2mdv2009.0.x86_64.rpm
 b8fd7f1371113f9cef6c9baeaf239279  2009.0/x86_64/pidgin-plugins-2.7.11-0.2mdv2009.0.x86_64.rpm
 5502d8887ec65246ee16ba9bf2bdd859  2009.0/x86_64/pidgin-silc-2.7.11-0.2mdv2009.0.x86_64.rpm
 a043ab0eaba8238e93975ace64445553  2009.0/x86_64/pidgin-tcl-2.7.11-0.2mdv2009.0.x86_64.rpm 
 482d48fd33b0456e45fdc967065b034f  2009.0/SRPMS/pidgin-2.7.11-0.2mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 cd089b274f9f2c508ea71a9860a7e81e  2010.0/i586/finch-2.7.11-0.2mdv2010.0.i586.rpm
 92bdd3dd221dff87594c9ddea7ccae2a  2010.0/i586/libfinch0-2.7.11-0.2mdv2010.0.i586.rpm
 7ec9bea4f87d573c7ac621b0d1bb9a7c  2010.0/i586/libpurple0-2.7.11-0.2mdv2010.0.i586.rpm
 068ec31247de3cc5efd609bde8288f45  2010.0/i586/libpurple-devel-2.7.11-0.2mdv2010.0.i586.rpm
 e3f6770ecbeeb66a3a5b6c5d09246e97  2010.0/i586/pidgin-2.7.11-0.2mdv2010.0.i586.rpm
 0f3ddb35b183e5a0949658e2a9d878a8  2010.0/i586/pidgin-bonjour-2.7.11-0.2mdv2010.0.i586.rpm
 91366f3dacb3a561827fb92f30818bcf  2010.0/i586/pidgin-client-2.7.11-0.2mdv2010.0.i586.rpm
 aff60bb8589a47af9461eb9e4fe535ac  2010.0/i586/pidgin-i18n-2.7.11-0.2mdv2010.0.i586.rpm
 e5af4a521b468eb817810c64db1f9dbf  2010.0/i586/pidgin-meanwhile-2.7.11-0.2mdv2010.0.i586.rpm
 34b76b56c4d152b539b0192adaf23455  2010.0/i586/pidgin-perl-2.7.11-0.2mdv2010.0.i586.rpm
 30969dc21c07afee4c5f739910c7a364  2010.0/i586/pidgin-plugins-2.7.11-0.2mdv2010.0.i586.rpm
 82a223a52e764f710303493250497bd2  2010.0/i586/pidgin-silc-2.7.11-0.2mdv2010.0.i586.rpm
 1cba7023d19e7a2f60ee0da45d0a25d2  2010.0/i586/pidgin-tcl-2.7.11-0.2mdv2010.0.i586.rpm 
 b6824de47afccf4609f12e5c965fc1fa  2010.0/SRPMS/pidgin-2.7.11-0.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 7e15a3c3a6dde1b54ac450115107f28b  2010.0/x86_64/finch-2.7.11-0.2mdv2010.0.x86_64.rpm
 a4b3c4e56428541207a12d081221670a  2010.0/x86_64/lib64finch0-2.7.11-0.2mdv2010.0.x86_64.rpm
 bd22a826db8b32f6bfb6f4b8eb1d4344  2010.0/x86_64/lib64purple0-2.7.11-0.2mdv2010.0.x86_64.rpm
 deb65f4089d881b15d9dd52c9e63f051  2010.0/x86_64/lib64purple-devel-2.7.11-0.2mdv2010.0.x86_64.rpm
 beed87ce786c88aebf8f7d42b46510bc  2010.0/x86_64/pidgin-2.7.11-0.2mdv2010.0.x86_64.rpm
 fc7e641651b961bc1a0556fedc6ce0d7  2010.0/x86_64/pidgin-bonjour-2.7.11-0.2mdv2010.0.x86_64.rpm
 0abe6b7652766dc424c0af5cd512228c  2010.0/x86_64/pidgin-client-2.7.11-0.2mdv2010.0.x86_64.rpm
 3c02e69fcc4dde4e519f445453b561d3  2010.0/x86_64/pidgin-i18n-2.7.11-0.2mdv2010.0.x86_64.rpm
 bce8a3dd6ee27ca6473645b099f9c937  2010.0/x86_64/pidgin-meanwhile-2.7.11-0.2mdv2010.0.x86_64.rpm
 853565b529225e2134fc577867076934  2010.0/x86_64/pidgin-perl-2.7.11-0.2mdv2010.0.x86_64.rpm
 3c43bb7945fd920fbb598656945e61c6  2010.0/x86_64/pidgin-plugins-2.7.11-0.2mdv2010.0.x86_64.rpm
 2490e01d78f54daa02bfad01a73c62b7  2010.0/x86_64/pidgin-silc-2.7.11-0.2mdv2010.0.x86_64.rpm
 9f7b53d3e7bb3f763dcafd7ea5bc6a33  2010.0/x86_64/pidgin-tcl-2.7.11-0.2mdv2010.0.x86_64.rpm 
 b6824de47afccf4609f12e5c965fc1fa  2010.0/SRPMS/pidgin-2.7.11-0.2mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 026808d321db13dd3959c09c0870291d  2010.1/i586/finch-2.7.11-0.2mdv2010.2.i586.rpm
 6795337877c16953af8778ea7409cc02  2010.1/i586/libfinch0-2.7.11-0.2mdv2010.2.i586.rpm
 acaf6ea2525b497c01c3ab0dd8d676f7  2010.1/i586/libpurple0-2.7.11-0.2mdv2010.2.i586.rpm
 6a6ab92f284d8e94f9e6cfb0f7e75ce8  2010.1/i586/libpurple-devel-2.7.11-0.2mdv2010.2.i586.rpm
 6dbc69766a51468948eb0a0de3ca0c65  2010.1/i586/pidgin-2.7.11-0.2mdv2010.2.i586.rpm
 1845aed0441b7e537c49bfee5a811ee7  2010.1/i586/pidgin-bonjour-2.7.11-0.2mdv2010.2.i586.rpm
 ac8a5dad1500407a72184a430529c40f  2010.1/i586/pidgin-client-2.7.11-0.2mdv2010.2.i586.rpm
 3de3eb03e4a03b32a52a0224704721a1  2010.1/i586/pidgin-i18n-2.7.11-0.2mdv2010.2.i586.rpm
 ea2f55af7216565c6fc1e5361db0ce69  2010.1/i586/pidgin-meanwhile-2.7.11-0.2mdv2010.2.i586.rpm
 f416adfcef2ecf72317176c63e6ef5e3  2010.1/i586/pidgin-perl-2.7.11-0.2mdv2010.2.i586.rpm
 f1d484f54c41419aedca7f9b1a436a2e  2010.1/i586/pidgin-plugins-2.7.11-0.2mdv2010.2.i586.rpm
 d28959266d5b38c90d63077f02ed1298  2010.1/i586/pidgin-silc-2.7.11-0.2mdv2010.2.i586.rpm
 2e9b442b87c031ab8155a8df52f9793c  2010.1/i586/pidgin-tcl-2.7.11-0.2mdv2010.2.i586.rpm 
 930ca1a55c447105e1288c6a45f53161  2010.1/SRPMS/pidgin-2.7.11-0.2mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 a75bf57617d370a7c9c9ad36ca71db39  2010.1/x86_64/finch-2.7.11-0.2mdv2010.2.x86_64.rpm
 09df970f28dc2d3d5674750c1f9836d6  2010.1/x86_64/lib64finch0-2.7.11-0.2mdv2010.2.x86_64.rpm
 96cbaaa67c894d9812cdbac93472c103  2010.1/x86_64/lib64purple0-2.7.11-0.2mdv2010.2.x86_64.rpm
 2fe0b3e647fdffb778e404f26cfb6489  2010.1/x86_64/lib64purple-devel-2.7.11-0.2mdv2010.2.x86_64.rpm
 0e662738d89dd37b8b1ef1e757e5e618  2010.1/x86_64/pidgin-2.7.11-0.2mdv2010.2.x86_64.rpm
 87677f66c63f6a6bdb1f861dc4a344ed  2010.1/x86_64/pidgin-bonjour-2.7.11-0.2mdv2010.2.x86_64.rpm
 073fab54248329d6bf32384a66dd45a6  2010.1/x86_64/pidgin-client-2.7.11-0.2mdv2010.2.x86_64.rpm
 ba6f0cd87136a0bbb28bea0e042fbdc0  2010.1/x86_64/pidgin-i18n-2.7.11-0.2mdv2010.2.x86_64.rpm
 3631bd926ab388282cc26f1aa84558c3  2010.1/x86_64/pidgin-meanwhile-2.7.11-0.2mdv2010.2.x86_64.rpm
 f8a431960b83b9d850d95d33782d9a0e  2010.1/x86_64/pidgin-perl-2.7.11-0.2mdv2010.2.x86_64.rpm
 2cb185bfa3d598610c157e3b9b27ad75  2010.1/x86_64/pidgin-plugins-2.7.11-0.2mdv2010.2.x86_64.rpm
 ec043019418e5f9baf3280195259aeb5  2010.1/x86_64/pidgin-silc-2.7.11-0.2mdv2010.2.x86_64.rpm
 bb8c246dccb0edf2915e3ec752af1cc4  2010.1/x86_64/pidgin-tcl-2.7.11-0.2mdv2010.2.x86_64.rpm 
 930ca1a55c447105e1288c6a45f53161  2010.1/SRPMS/pidgin-2.7.11-0.2mdv2010.2.src.rpm

 Mandriva Enterprise Server 5:
 1e3ad1b92aaf9b058a8e42fc7e3f318c  mes5/i586/finch-2.7.11-0.2mdvmes5.2.i586.rpm
 7ba1e7c867fe14f93f75da870148b0cd  mes5/i586/libfinch0-2.7.11-0.2mdvmes5.2.i586.rpm
 61371efd06e2578fec9735767a3c535b  mes5/i586/libpurple0-2.7.11-0.2mdvmes5.2.i586.rpm
 cbd6e53d3bef5c96ac19f255ddd34539  mes5/i586/libpurple-devel-2.7.11-0.2mdvmes5.2.i586.rpm
 4c48c636da767806d036de1d50670cee  mes5/i586/pidgin-2.7.11-0.2mdvmes5.2.i586.rpm
 5da5bfa0f6ac6f57ec7e8b4760800ca9  mes5/i586/pidgin-bonjour-2.7.11-0.2mdvmes5.2.i586.rpm
 77ac8a8a4515c9856b22e822b59936d0  mes5/i586/pidgin-client-2.7.11-0.2mdvmes5.2.i586.rpm
 71b95113f643294a45a4915250c7f3dc  mes5/i586/pidgin-gevolution-2.7.11-0.2mdvmes5.2.i586.rpm
 5b4d95d26d978a07b21478500cf1d843  mes5/i586/pidgin-i18n-2.7.11-0.2mdvmes5.2.i586.rpm
 aa03169b88348e19b3392e9ac1db9321  mes5/i586/pidgin-meanwhile-2.7.11-0.2mdvmes5.2.i586.rpm
 60aa33eda063d596568dc1285ed02ffa  mes5/i586/pidgin-perl-2.7.11-0.2mdvmes5.2.i586.rpm
 99d79def857a8540f20c5b9d3f9af4f3  mes5/i586/pidgin-plugins-2.7.11-0.2mdvmes5.2.i586.rpm
 ecd19053f387e7d2c9c311bba1ce0345  mes5/i586/pidgin-silc-2.7.11-0.2mdvmes5.2.i586.rpm
 e46a2af4b4b483422b1444a400c4326f  mes5/i586/pidgin-tcl-2.7.11-0.2mdvmes5.2.i586.rpm 
 519a5739ec90348e9c0c913db00a1bda  mes5/SRPMS/pidgin-2.7.11-0.2mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 efad2e14e43adaf9a603476cd0cb96c7  mes5/x86_64/finch-2.7.11-0.2mdvmes5.2.x86_64.rpm
 9ecf9785b1cf3559c9e4eb574d741e1a  mes5/x86_64/lib64finch0-2.7.11-0.2mdvmes5.2.x86_64.rpm
 c7b753e051fcab5f10f326b6258fa5cb  mes5/x86_64/lib64purple0-2.7.11-0.2mdvmes5.2.x86_64.rpm
 f8f1f05027272163e7bf89a9bbf6c729  mes5/x86_64/lib64purple-devel-2.7.11-0.2mdvmes5.2.x86_64.rpm
 047b794605866b547b73c0c39a1a1cdc  mes5/x86_64/pidgin-2.7.11-0.2mdvmes5.2.x86_64.rpm
 02c72f23542a310c733e3d34055e77d5  mes5/x86_64/pidgin-bonjour-2.7.11-0.2mdvmes5.2.x86_64.rpm
 edf63c606244670e52c5c411d0e05079  mes5/x86_64/pidgin-client-2.7.11-0.2mdvmes5.2.x86_64.rpm
 9c24cd7e741f360acd336dafa211c48a  mes5/x86_64/pidgin-gevolution-2.7.11-0.2mdvmes5.2.x86_64.rpm
 353e1b7c0bd2e0e3ce828886260d8059  mes5/x86_64/pidgin-i18n-2.7.11-0.2mdvmes5.2.x86_64.rpm
 885bba4bcf04a03b350d24f2e24d03cc  mes5/x86_64/pidgin-meanwhile-2.7.11-0.2mdvmes5.2.x86_64.rpm
 8c5c057d080404a6f44d8e5b0bada975  mes5/x86_64/pidgin-perl-2.7.11-0.2mdvmes5.2.x86_64.rpm
 da1430c5131cf10fca52ce5c810b1da4  mes5/x86_64/pidgin-plugins-2.7.11-0.2mdvmes5.2.x86_64.rpm
 176c13d9a1d4556cf507fbdc8cb2e9bc  mes5/x86_64/pidgin-silc-2.7.11-0.2mdvmes5.2.x86_64.rpm
 a2d085db784fe652c82a07bf3fa2408b  mes5/x86_64/pidgin-tcl-2.7.11-0.2mdvmes5.2.x86_64.rpm 
 519a5739ec90348e9c0c913db00a1bda  mes5/SRPMS/pidgin-2.7.11-0.2mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNhyAhmqjQ0CJFipgRAm2MAKDTsiKn05AyvmkhUMuBytCviBXGXACdGCPR
Y2w+ZPLVesVZe5ZLOxPekm0=
=aJu8
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ