Message-Id: <E1SpMAP-00078X-1r@titan.mandriva.com>
Date: Thu, 12 Jul 2012 18:23:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:105 ] pidgin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:105
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : July 12, 2012
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in pidgin:
 
 Incorrect handling of inline images in incoming instant messages can
 cause a buffer overflow and in some cases can be exploited to execute
 arbitrary code (CVE-2012-3374).
 
 This update provides pidgin 2.10.6, which is not vulnerable to
 this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3374
 http://www.pidgin.im/news/security/
 http://pidgin.im/news/security/?id=64
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFP/s0RmqjQ0CJFipgRAkwQAKDWrB043Mil6ss0kz5zQw+6zhJojwCgpiyi
CzwtQSPDkmLinBR5FO7/WK8=
=F21j
-----END PGP SIGNATURE-----
