[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1SpMAP-00078X-1r@titan.mandriva.com>
Date: Thu, 12 Jul 2012 18:23:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:105 ] pidgin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:105
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pidgin
Date : July 12, 2012
Affected: 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in pidgin:
Incorrect handing of inline images in incoming instant messages can
cause a buffer overflow and in some cases can be exploited to execute
arbitrary code (CVE-2012-3374).
This update provides pidgin 2.10.6, which is not vulnerable to
this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3374
http://www.pidgin.im/news/security/
http://pidgin.im/news/security/?id=64
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2011:
f7e80d172c6ff75bef0a079589f17a1b 2011/i586/finch-2.10.6-0.1-mdv2011.0.i586.rpm
9c75f2f1b17effeaaaf710463875a473 2011/i586/libfinch0-2.10.6-0.1-mdv2011.0.i586.rpm
d4db21d9df134c4f11b08707b77707e1 2011/i586/libpurple0-2.10.6-0.1-mdv2011.0.i586.rpm
a889ba0e001bee7af11f6009e3562215 2011/i586/libpurple-devel-2.10.6-0.1-mdv2011.0.i586.rpm
2b72382164f8fd402f0b460c82c56959 2011/i586/pidgin-2.10.6-0.1-mdv2011.0.i586.rpm
759ae3b3f5929db50d9aef394d949605 2011/i586/pidgin-bonjour-2.10.6-0.1-mdv2011.0.i586.rpm
54296635ba1a6177f5b41763cbe60a71 2011/i586/pidgin-client-2.10.6-0.1-mdv2011.0.i586.rpm
a9da5bc76e3386b7fd523e3399b76913 2011/i586/pidgin-gevolution-2.10.6-0.1-mdv2011.0.i586.rpm
8b2b02aa62ff5263847946efb42c7b35 2011/i586/pidgin-i18n-2.10.6-0.1-mdv2011.0.i586.rpm
86c69bb304cebd8b68a5c4f72c910ac7 2011/i586/pidgin-meanwhile-2.10.6-0.1-mdv2011.0.i586.rpm
423b5de6a52df201b49bad1084abe911 2011/i586/pidgin-perl-2.10.6-0.1-mdv2011.0.i586.rpm
74c109b3d3656734e8faf4601aadba38 2011/i586/pidgin-plugins-2.10.6-0.1-mdv2011.0.i586.rpm
f441239c240d79e4ef35af71f215257a 2011/i586/pidgin-silc-2.10.6-0.1-mdv2011.0.i586.rpm
46739077bff4833ad182dc40795aadff 2011/i586/pidgin-tcl-2.10.6-0.1-mdv2011.0.i586.rpm
e8a07df63c3f2a450a4b45eb95cb9fd4 2011/SRPMS/pidgin-2.10.6-0.1.src.rpm
Mandriva Linux 2011/X86_64:
2d9874e00deb28593b98a4b63a11fc95 2011/x86_64/finch-2.10.6-0.1-mdv2011.0.x86_64.rpm
fe7d3656599ec27b78c31be4dfb68441 2011/x86_64/lib64finch0-2.10.6-0.1-mdv2011.0.x86_64.rpm
b7a208f00fe6b2e53f9bd2c12522c24c 2011/x86_64/lib64purple0-2.10.6-0.1-mdv2011.0.x86_64.rpm
66025c20289c6b2217319dda95a198e9 2011/x86_64/lib64purple-devel-2.10.6-0.1-mdv2011.0.x86_64.rpm
cfff0a1ede9098cf357118b10b92f2d0 2011/x86_64/pidgin-2.10.6-0.1-mdv2011.0.x86_64.rpm
88af560635a40fcd409b3220b954e310 2011/x86_64/pidgin-bonjour-2.10.6-0.1-mdv2011.0.x86_64.rpm
6a9f611ae694f7694548f6f0c9ff50c6 2011/x86_64/pidgin-client-2.10.6-0.1-mdv2011.0.x86_64.rpm
7d40804aed23ddb0e5cd97c9e49f1c9e 2011/x86_64/pidgin-gevolution-2.10.6-0.1-mdv2011.0.x86_64.rpm
36987a95485088a304c6eb690dd0ff9e 2011/x86_64/pidgin-i18n-2.10.6-0.1-mdv2011.0.x86_64.rpm
bb8008b19912728181c2f38750ccc3dd 2011/x86_64/pidgin-meanwhile-2.10.6-0.1-mdv2011.0.x86_64.rpm
b5810dfdc498eb7c04745b15570796a0 2011/x86_64/pidgin-perl-2.10.6-0.1-mdv2011.0.x86_64.rpm
accbd9be402022dff0b5a06bdd5728c1 2011/x86_64/pidgin-plugins-2.10.6-0.1-mdv2011.0.x86_64.rpm
7e32481fb83772a7db9258cb93bc9054 2011/x86_64/pidgin-silc-2.10.6-0.1-mdv2011.0.x86_64.rpm
610c85d510ed29a36b87789628614c84 2011/x86_64/pidgin-tcl-2.10.6-0.1-mdv2011.0.x86_64.rpm
e8a07df63c3f2a450a4b45eb95cb9fd4 2011/SRPMS/pidgin-2.10.6-0.1.src.rpm
Mandriva Enterprise Server 5:
c196053127a5d88a98d3fa631bfcc256 mes5/i586/finch-2.10.6-0.1mdvmes5.2.i586.rpm
2453d8f1af8aa146d464337614ae0977 mes5/i586/libfinch0-2.10.6-0.1mdvmes5.2.i586.rpm
b16a875e4ae467a4930b9e3bd3789317 mes5/i586/libpurple0-2.10.6-0.1mdvmes5.2.i586.rpm
d6a3ed842d2f37d9bbdb166935b61802 mes5/i586/libpurple-devel-2.10.6-0.1mdvmes5.2.i586.rpm
35f1e22da342cfed18b827a0c7434f38 mes5/i586/pidgin-2.10.6-0.1mdvmes5.2.i586.rpm
bb71bb14fc009fb8246f8bd6bbd93491 mes5/i586/pidgin-bonjour-2.10.6-0.1mdvmes5.2.i586.rpm
ff038b482916d9496c39c3c9ff1dc5f3 mes5/i586/pidgin-client-2.10.6-0.1mdvmes5.2.i586.rpm
3e4740561caaa1d3d3daac49b4f5a4fb mes5/i586/pidgin-gevolution-2.10.6-0.1mdvmes5.2.i586.rpm
3aed37790a68c8e7d4f7390751254f0a mes5/i586/pidgin-i18n-2.10.6-0.1mdvmes5.2.i586.rpm
3cb0495fdf8b600fdaf662d11b5ce0a8 mes5/i586/pidgin-meanwhile-2.10.6-0.1mdvmes5.2.i586.rpm
4def3f67bb7c153fd4f3053d129f7676 mes5/i586/pidgin-perl-2.10.6-0.1mdvmes5.2.i586.rpm
bf772b21bb3bfd378beba9418104c9d7 mes5/i586/pidgin-plugins-2.10.6-0.1mdvmes5.2.i586.rpm
62a87b9117c03ff5163e5e6adbd06a65 mes5/i586/pidgin-silc-2.10.6-0.1mdvmes5.2.i586.rpm
6c1d1a4e7eddaf5fa70883cc37807c22 mes5/i586/pidgin-tcl-2.10.6-0.1mdvmes5.2.i586.rpm
a4137ed972c18c6345b772c4adf0ac77 mes5/SRPMS/pidgin-2.10.6-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
458a2546e5857aa5d332edc97de703c1 mes5/x86_64/finch-2.10.6-0.1mdvmes5.2.x86_64.rpm
757f2a910addcfd1c4cdc600c1516921 mes5/x86_64/lib64finch0-2.10.6-0.1mdvmes5.2.x86_64.rpm
3606e6640904682fce39b5fa27325b72 mes5/x86_64/lib64purple0-2.10.6-0.1mdvmes5.2.x86_64.rpm
5d32abf19c6064d9df5a4703d1eb9762 mes5/x86_64/lib64purple-devel-2.10.6-0.1mdvmes5.2.x86_64.rpm
3131b75bdc3af6b33008bed94641784e mes5/x86_64/pidgin-2.10.6-0.1mdvmes5.2.x86_64.rpm
23572b084883487d9a273df77b38485b mes5/x86_64/pidgin-bonjour-2.10.6-0.1mdvmes5.2.x86_64.rpm
c1bdb0a73a5326122380a6d0e9acba88 mes5/x86_64/pidgin-client-2.10.6-0.1mdvmes5.2.x86_64.rpm
132314113d06f073c0683d4c97657959 mes5/x86_64/pidgin-gevolution-2.10.6-0.1mdvmes5.2.x86_64.rpm
5b35a7b1173c6cda450fb9f0c4bc2cd3 mes5/x86_64/pidgin-i18n-2.10.6-0.1mdvmes5.2.x86_64.rpm
75a5d162bebc87b9b7c60a7100de4ea1 mes5/x86_64/pidgin-meanwhile-2.10.6-0.1mdvmes5.2.x86_64.rpm
773dea78ac849a0cfea52c21f104f5bc mes5/x86_64/pidgin-perl-2.10.6-0.1mdvmes5.2.x86_64.rpm
223cf7a77f11f00be346cb4e5d9017fc mes5/x86_64/pidgin-plugins-2.10.6-0.1mdvmes5.2.x86_64.rpm
ecb7c1f5fed5b00214dbc28f9b8ac187 mes5/x86_64/pidgin-silc-2.10.6-0.1mdvmes5.2.x86_64.rpm
b19c8fb427ad2ea9eceb0bf902a85a35 mes5/x86_64/pidgin-tcl-2.10.6-0.1mdvmes5.2.x86_64.rpm
a4137ed972c18c6345b772c4adf0ac77 mes5/SRPMS/pidgin-2.10.6-0.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFP/s0RmqjQ0CJFipgRAkwQAKDWrB043Mil6ss0kz5zQw+6zhJojwCgpiyi
CzwtQSPDkmLinBR5FO7/WK8=
=F21j
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists