Message-Id: <E1SZ3OK-0002Us-Tb@titan.mandriva.com>
Date: Mon, 28 May 2012 19:06:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:082 ] pidgin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:082
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : May 28, 2012
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in pidgin:
 
 A series of specially crafted file transfer requests can cause clients
 to reference invalid memory. The user must have accepted one of the
 file transfer requests (CVE-2012-2214).
 
 Incoming messages with certain characters or character encodings can
 cause clients to crash (CVE-2012-2318).
 
 This update provides pidgin 2.10.4, which is not vulnerable to
 these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2214
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2318
 http://www.pidgin.im/news/security/
 http://www.pidgin.im/news/security/?id=62
 http://www.pidgin.im/news/security/?id=63
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:

 Mandriva Linux 2011/X86_64:

 Mandriva Enterprise Server 5:

 Mandriva Enterprise Server 5/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPw4OemqjQ0CJFipgRAlkLAJ4s5jNQkDp07qoeBOJnXs5CpjO54QCfec5Z
Puo+VFqX6322lldU1NTlMZk=
=jEk/
-----END PGP SIGNATURE-----
