lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1RZX0O-0008PP-Vh@titan.mandriva.com>
Date: Sun, 11 Dec 2011 01:11:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:183 ] pidgin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:183
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : December 10, 2011
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in pidgin:
 
 When receiving various stanzas related to voice and video chat,
 the XMPP protocol plugin failed to ensure that the incoming message
 contained all required fields, and would crash if certain fields
 were missing.
 
 When receiving various messages related to requesting or receiving
 authorization for adding a buddy to a buddy list, the oscar protocol
 plugin failed to validate that a piece of text was UTF-8. In some
 cases invalid UTF-8 data would lead to a crash (CVE-2011-4601).
 
 When receiving various incoming messages, the SILC protocol plugin
 failed to validate that a piece of text was UTF-8. In some cases
 invalid UTF-8 data would lead to a crash (CVE-2011-3594).
 
 This update provides pidgin 2.10.1, which is not vulnerable to
 these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4601
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3594
 http://www.pidgin.im/news/security/
 http://pidgin.im/news/security/?id=56
 http://pidgin.im/news/security/?id=57
 http://pidgin.im/news/security/?id=58
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 5760fb2021c3bcd9a9cc868c4d372ed9  2010.1/i586/finch-2.10.1-0.1mdv2010.2.i586.rpm
 c3780080c901d37497d05a64ad04861c  2010.1/i586/libfinch0-2.10.1-0.1mdv2010.2.i586.rpm
 44dab21da24dc0cbe87aa77cc169284c  2010.1/i586/libpurple0-2.10.1-0.1mdv2010.2.i586.rpm
 8a02d670933e11151ed49c836dc8e7fb  2010.1/i586/libpurple-devel-2.10.1-0.1mdv2010.2.i586.rpm
 e5565acb778b22f18c58d9f58936904d  2010.1/i586/pidgin-2.10.1-0.1mdv2010.2.i586.rpm
 8d7dd47702343d6faf2cb8fc37905cb3  2010.1/i586/pidgin-bonjour-2.10.1-0.1mdv2010.2.i586.rpm
 aee6e7d5b101af04a3d1bb565de1a48f  2010.1/i586/pidgin-client-2.10.1-0.1mdv2010.2.i586.rpm
 6d6e5c647e0c88b8aec6044f13e3616c  2010.1/i586/pidgin-gevolution-2.10.1-0.1mdv2010.2.i586.rpm
 70b22a04176ec1e5240b4e43722cede3  2010.1/i586/pidgin-i18n-2.10.1-0.1mdv2010.2.i586.rpm
 6673de268a4c53b44dae91487944c211  2010.1/i586/pidgin-meanwhile-2.10.1-0.1mdv2010.2.i586.rpm
 6862f6fc918cca0d60a162e9c160e452  2010.1/i586/pidgin-perl-2.10.1-0.1mdv2010.2.i586.rpm
 754903e35ac3b0e77d2c13e846dbdc41  2010.1/i586/pidgin-plugins-2.10.1-0.1mdv2010.2.i586.rpm
 2e16473bc98b8f4dda76b89b44690322  2010.1/i586/pidgin-silc-2.10.1-0.1mdv2010.2.i586.rpm
 fd8a4eb06e140550966e9d4dd47e8647  2010.1/i586/pidgin-tcl-2.10.1-0.1mdv2010.2.i586.rpm 
 67da842fb1886685ed1f9d1a2811ca41  2010.1/SRPMS/pidgin-2.10.1-0.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 19214e80ad6e07bc8fbd76a770f5fb41  2010.1/x86_64/finch-2.10.1-0.1mdv2010.2.x86_64.rpm
 b5fc8b19bc3566a9845e44e63ca91cd3  2010.1/x86_64/lib64finch0-2.10.1-0.1mdv2010.2.x86_64.rpm
 9465e855935e5f1a1159824ca3529080  2010.1/x86_64/lib64purple0-2.10.1-0.1mdv2010.2.x86_64.rpm
 5d8608f39db8a0888c05ebd592dee061  2010.1/x86_64/lib64purple-devel-2.10.1-0.1mdv2010.2.x86_64.rpm
 7adaa941cd2bca0445e112f0d2a35f16  2010.1/x86_64/pidgin-2.10.1-0.1mdv2010.2.x86_64.rpm
 56a3a11402f7397ba723cf341f7ff73c  2010.1/x86_64/pidgin-bonjour-2.10.1-0.1mdv2010.2.x86_64.rpm
 e9877b42a24ad67f1c90a959809f543b  2010.1/x86_64/pidgin-client-2.10.1-0.1mdv2010.2.x86_64.rpm
 55a597ea9298a7a34ce1c086982eb557  2010.1/x86_64/pidgin-gevolution-2.10.1-0.1mdv2010.2.x86_64.rpm
 55461139c45ddb5851336ddcf0e89dab  2010.1/x86_64/pidgin-i18n-2.10.1-0.1mdv2010.2.x86_64.rpm
 0a092014c245cf7b258e83308ab12b4a  2010.1/x86_64/pidgin-meanwhile-2.10.1-0.1mdv2010.2.x86_64.rpm
 718579ad386213ebd9c73c9a4d2810db  2010.1/x86_64/pidgin-perl-2.10.1-0.1mdv2010.2.x86_64.rpm
 bb044452a207e7df0ef1eb836c13c432  2010.1/x86_64/pidgin-plugins-2.10.1-0.1mdv2010.2.x86_64.rpm
 d16a10cd074364d4a9a97e435cfe0b28  2010.1/x86_64/pidgin-silc-2.10.1-0.1mdv2010.2.x86_64.rpm
 0b2cdfb643d2efb098c50e708f900f79  2010.1/x86_64/pidgin-tcl-2.10.1-0.1mdv2010.2.x86_64.rpm 
 67da842fb1886685ed1f9d1a2811ca41  2010.1/SRPMS/pidgin-2.10.1-0.1mdv2010.2.src.rpm

 Mandriva Linux 2011:
 9b78a3cb5192b6b973715a86d5f2a185  2011/i586/finch-2.10.1-0.1-mdv2011.0.i586.rpm
 4d883b1daddce33fafe57d9a99463358  2011/i586/libfinch0-2.10.1-0.1-mdv2011.0.i586.rpm
 499ca1bc78a3f2df77e88e2703a4a725  2011/i586/libpurple0-2.10.1-0.1-mdv2011.0.i586.rpm
 b6948cabf0fcd0c3dd104219bf4d529b  2011/i586/libpurple-devel-2.10.1-0.1-mdv2011.0.i586.rpm
 0016330f267d2bff69e61713c44699ed  2011/i586/pidgin-2.10.1-0.1-mdv2011.0.i586.rpm
 9de78991ff7584e0814f54f2545fae24  2011/i586/pidgin-bonjour-2.10.1-0.1-mdv2011.0.i586.rpm
 ee2045f1eda4a0183cb77f2a60f39ef2  2011/i586/pidgin-client-2.10.1-0.1-mdv2011.0.i586.rpm
 6d079b32b1aaf2beaa3cc82f21c345d4  2011/i586/pidgin-gevolution-2.10.1-0.1-mdv2011.0.i586.rpm
 e84ffa4bf739acaa10eda992600a6cc9  2011/i586/pidgin-i18n-2.10.1-0.1-mdv2011.0.i586.rpm
 35242c70c5cd6cd765fe947a68049496  2011/i586/pidgin-meanwhile-2.10.1-0.1-mdv2011.0.i586.rpm
 a3c3029ce97ff37d16cea641a7e19af2  2011/i586/pidgin-perl-2.10.1-0.1-mdv2011.0.i586.rpm
 62f6cca4f6a7f812c5dd011ce0b83f8c  2011/i586/pidgin-plugins-2.10.1-0.1-mdv2011.0.i586.rpm
 6949ebb1e90eedd7abd7aef9cfe1a42b  2011/i586/pidgin-silc-2.10.1-0.1-mdv2011.0.i586.rpm
 648df3013f920bda8e8883582558dc63  2011/i586/pidgin-tcl-2.10.1-0.1-mdv2011.0.i586.rpm 
 5f6cac1bbc7686d563f15c282c3764e4  2011/SRPMS/pidgin-2.10.1-0.1.src.rpm

 Mandriva Linux 2011/X86_64:
 1f1cd638179effa0cd529acb24dd4956  2011/x86_64/finch-2.10.1-0.1-mdv2011.0.x86_64.rpm
 e9f2ef661e38feecd31acb3972e139a4  2011/x86_64/lib64finch0-2.10.1-0.1-mdv2011.0.x86_64.rpm
 316609fbb06b71f5ae9e53cf29fb6b85  2011/x86_64/lib64purple0-2.10.1-0.1-mdv2011.0.x86_64.rpm
 65560e62c4289fa654cf81e5e1887d0f  2011/x86_64/lib64purple-devel-2.10.1-0.1-mdv2011.0.x86_64.rpm
 97a4c63f7225b6994bf60a01aec4bff6  2011/x86_64/pidgin-2.10.1-0.1-mdv2011.0.x86_64.rpm
 2806e8afe7c505a9bdd127297a85eaf5  2011/x86_64/pidgin-bonjour-2.10.1-0.1-mdv2011.0.x86_64.rpm
 d0af78fbc9b0e946f26f76f77fd5cfe7  2011/x86_64/pidgin-client-2.10.1-0.1-mdv2011.0.x86_64.rpm
 1acc288b16a9b84bdd1e9fd214b0d065  2011/x86_64/pidgin-gevolution-2.10.1-0.1-mdv2011.0.x86_64.rpm
 2c9ca9d092a29f468300f8b504bf9e7f  2011/x86_64/pidgin-i18n-2.10.1-0.1-mdv2011.0.x86_64.rpm
 52b5285287ad5d5cf470322eed2c0f3a  2011/x86_64/pidgin-meanwhile-2.10.1-0.1-mdv2011.0.x86_64.rpm
 436f36f77d8e9833ad211019e90fe8d5  2011/x86_64/pidgin-perl-2.10.1-0.1-mdv2011.0.x86_64.rpm
 89865ddd8ab4294dd5705be25952d941  2011/x86_64/pidgin-plugins-2.10.1-0.1-mdv2011.0.x86_64.rpm
 3593366b028691c04ac9cc1b2e870cd7  2011/x86_64/pidgin-silc-2.10.1-0.1-mdv2011.0.x86_64.rpm
 320993baaaf361e84c66bffc9ee3b354  2011/x86_64/pidgin-tcl-2.10.1-0.1-mdv2011.0.x86_64.rpm 
 5f6cac1bbc7686d563f15c282c3764e4  2011/SRPMS/pidgin-2.10.1-0.1.src.rpm

 Mandriva Enterprise Server 5:
 51615cc64b9336513dd37514a809f48d  mes5/i586/finch-2.10.1-0.1mdvmes5.2.i586.rpm
 5bd533e95ee376d1d4233b7814652ac3  mes5/i586/libfinch0-2.10.1-0.1mdvmes5.2.i586.rpm
 0044d4c87f1f6938a08912cf049e5308  mes5/i586/libpurple0-2.10.1-0.1mdvmes5.2.i586.rpm
 8dcd50bf49e30938de5daf041c16ae13  mes5/i586/libpurple-devel-2.10.1-0.1mdvmes5.2.i586.rpm
 bfe19b9a2eec9969ead2f87967e708b9  mes5/i586/pidgin-2.10.1-0.1mdvmes5.2.i586.rpm
 f87eef70053e0fde18aafb40d9601596  mes5/i586/pidgin-bonjour-2.10.1-0.1mdvmes5.2.i586.rpm
 7aa41129fdc8b4b4b34c64987f48a71a  mes5/i586/pidgin-client-2.10.1-0.1mdvmes5.2.i586.rpm
 b6279f9475d0e65a1c77a05565ae7a9c  mes5/i586/pidgin-gevolution-2.10.1-0.1mdvmes5.2.i586.rpm
 c9ccd27fe610345f12ca6564e005c038  mes5/i586/pidgin-i18n-2.10.1-0.1mdvmes5.2.i586.rpm
 c4c6546ccfc0323f090508eaca199600  mes5/i586/pidgin-meanwhile-2.10.1-0.1mdvmes5.2.i586.rpm
 4b29c77749959ff3fbaf986c2143f57e  mes5/i586/pidgin-perl-2.10.1-0.1mdvmes5.2.i586.rpm
 807f293353085db54ecc79311ac4771e  mes5/i586/pidgin-plugins-2.10.1-0.1mdvmes5.2.i586.rpm
 ec25f777a62dca92a21aaa7530445508  mes5/i586/pidgin-silc-2.10.1-0.1mdvmes5.2.i586.rpm
 f133afd3071815af482c56b61cc05dd9  mes5/i586/pidgin-tcl-2.10.1-0.1mdvmes5.2.i586.rpm 
 cf990ab47d35341c1949179e5c855ed4  mes5/SRPMS/pidgin-2.10.1-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 fefbb7e6f80ca220c2552292cb452ef7  mes5/x86_64/finch-2.10.1-0.1mdvmes5.2.x86_64.rpm
 d2250929e39a5dcada37bc505727ee54  mes5/x86_64/lib64finch0-2.10.1-0.1mdvmes5.2.x86_64.rpm
 a38a3893f1d1ba7d144fe119bfcc6513  mes5/x86_64/lib64purple0-2.10.1-0.1mdvmes5.2.x86_64.rpm
 e17c2d0c6f21a82d5949c4f43d16c5e5  mes5/x86_64/lib64purple-devel-2.10.1-0.1mdvmes5.2.x86_64.rpm
 685121d901a528c4a8b88243cffae232  mes5/x86_64/pidgin-2.10.1-0.1mdvmes5.2.x86_64.rpm
 c01a809955a5529cb9c2b4b53e7d3648  mes5/x86_64/pidgin-bonjour-2.10.1-0.1mdvmes5.2.x86_64.rpm
 3475de4053f190f75980a86a05b08252  mes5/x86_64/pidgin-client-2.10.1-0.1mdvmes5.2.x86_64.rpm
 65d3ee299e581feca548a31190d881c9  mes5/x86_64/pidgin-gevolution-2.10.1-0.1mdvmes5.2.x86_64.rpm
 390290a323fc4a43349ee8e306b6ece7  mes5/x86_64/pidgin-i18n-2.10.1-0.1mdvmes5.2.x86_64.rpm
 0a565363b5a71527f4a187a49c8f36a8  mes5/x86_64/pidgin-meanwhile-2.10.1-0.1mdvmes5.2.x86_64.rpm
 8bca72bb09b8aaba4b0dae20f7ef9461  mes5/x86_64/pidgin-perl-2.10.1-0.1mdvmes5.2.x86_64.rpm
 42b9bb53533492aa48136e8f3e7fe208  mes5/x86_64/pidgin-plugins-2.10.1-0.1mdvmes5.2.x86_64.rpm
 641a10bd606b298bd6eaf8697e1a8a82  mes5/x86_64/pidgin-silc-2.10.1-0.1mdvmes5.2.x86_64.rpm
 f346af0db7fe52d03c475a44600228f2  mes5/x86_64/pidgin-tcl-2.10.1-0.1mdvmes5.2.x86_64.rpm 
 cf990ab47d35341c1949179e5c855ed4  mes5/SRPMS/pidgin-2.10.1-0.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFO48eXmqjQ0CJFipgRAi1zAJ9XZyr4ewcx6I07V7lmlYNcx4Op+gCdF0nv
qxwMoDXEu1edILl3CkSnFvQ=
=Bho6
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ