[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1WDETI-0000Yl-TL@titan.mandriva.com>
Date: Tue, 11 Feb 2014 15:38:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2014:025 ] pidgin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:025
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : pidgin
Date : February 11, 2014
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in pidgin:
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does
not properly validate UTF-8 data, which allows remote attackers
to cause a denial of service (application crash) via crafted byte
sequences (CVE-2012-6152).
Multiple integer signedness errors in libpurple in Pidgin before 2.10.8
allow remote attackers to cause a denial of service (application crash)
via a crafted timestamp value in an XMPP message (CVE-2013-6477).
gtkimhtml.c in Pidgin before 2.10.8 does not properly interact
with underlying library support for wide Pango layouts, which
allows user-assisted remote attackers to cause a denial of service
(application crash) via a long URL that is examined with a tooltip
(CVE-2013-6478).
util.c in libpurple in Pidgin before 2.10.8 does not properly allocate
memory for HTTP responses that are inconsistent with the Content-Length
header, which allows remote HTTP servers to cause a denial of service
(application crash) via a crafted response (CVE-2013-6479).
libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows
remote attackers to cause a denial of service (crash) via a Yahoo! P2P
message with a crafted length field, which triggers a buffer over-read
(CVE-2013-6481).
Pidgin before 2.10.8 allows remote MSN servers to cause a denial
of service (NULL pointer dereference and crash) via a crafted (1)
SOAP response, (2) OIM XML response, or (3) Content-Length header
(CVE-2013-6482).
The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does
not properly determine whether the from address in an iq reply
is consistent with the to address in an iq request, which allows
remote attackers to spoof iq traffic or cause a denial of service
(NULL pointer dereference and application crash) via a crafted reply
(CVE-2013-6483).
The STUN protocol implementation in libpurple in Pidgin before 2.10.8
allows remote STUN servers to cause a denial of service (out-of-bounds
write operation and application crash) by triggering a socket read
error (CVE-2013-6484).
Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows
remote HTTP servers to cause a denial of service (application crash)
or possibly have unspecified other impact via an invalid chunk-size
field in chunked transfer-coding data (CVE-2013-6485).
gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted
remote attackers to execute arbitrary programs via a message containing
a file: URL that is improperly handled during construction of an
explorer.exe command. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2011-3185 (CVE-2013-6486).
Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu
(gg) parser in Pidgin before 2.10.8 allows remote attackers to have
an unspecified impact via a large Content-Length value, which triggers
a buffer overflow (CVE-2013-6487).
Integer signedness error in the MXit functionality in Pidgin
before 2.10.8 allows remote attackers to cause a denial of service
(segmentation fault) via a crafted emoticon value, which triggers an
integer overflow and a buffer overflow (CVE-2013-6489).
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote
attackers to have an unspecified impact via a negative Content-Length
header, which triggers a buffer overflow (CVE-2013-6490).
The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does
not validate argument counts, which allows remote IRC servers to
cause a denial of service (application crash) via a crafted message
(CVE-2014-0020).
This update provides pidgin 2.10.9, which is not vulnerable to
these issues.
Additionally a build problem conserning sqlite3 was discovered and
fixed, therefore fixed sqlite3 packages is also provided with this
advisory.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020
http://www.pidgin.im/news/security/
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
d5e069e752c3e17c4da5aa68e0b58861 mes5/i586/finch-2.10.9-0.1mdvmes5.2.i586.rpm
59e74cb9433ce7913641c650902a46ef mes5/i586/lemon-3.7.17-0.2mdvmes5.2.i586.rpm
622382a4c075b1a34e07557893c46e37 mes5/i586/libfinch0-2.10.9-0.1mdvmes5.2.i586.rpm
259cedc6c30b9a1b405a8648965ba698 mes5/i586/libpurple0-2.10.9-0.1mdvmes5.2.i586.rpm
0ab50a1d9b026f40ff1bd1c387365942 mes5/i586/libpurple-devel-2.10.9-0.1mdvmes5.2.i586.rpm
d74e7b6d9e51aba8934b35c586b91ad1 mes5/i586/libsqlite3_0-3.7.17-0.2mdvmes5.2.i586.rpm
7e8328f32d8f5a04d467f681bcad63ea mes5/i586/libsqlite3-devel-3.7.17-0.2mdvmes5.2.i586.rpm
e4c5573f96eac1d929dd230a7865382b mes5/i586/libsqlite3-static-devel-3.7.17-0.2mdvmes5.2.i586.rpm
c04ea89dee22c74eafd9b3024d4ade75 mes5/i586/pidgin-2.10.9-0.1mdvmes5.2.i586.rpm
e9b40d036b1a72333b6a3eeee09cccdb mes5/i586/pidgin-bonjour-2.10.9-0.1mdvmes5.2.i586.rpm
19813100aac040610354d571e9cca8bc mes5/i586/pidgin-client-2.10.9-0.1mdvmes5.2.i586.rpm
8136df89bdc4d840c9a54a52b0ed0e63 mes5/i586/pidgin-gevolution-2.10.9-0.1mdvmes5.2.i586.rpm
fc2163f93b0ae4ead4c7435fb4f120e6 mes5/i586/pidgin-i18n-2.10.9-0.1mdvmes5.2.i586.rpm
076a516d309c63bf23dd22f50a4784ae mes5/i586/pidgin-meanwhile-2.10.9-0.1mdvmes5.2.i586.rpm
5f97910f07a93533f37b9b85b6ce17c7 mes5/i586/pidgin-perl-2.10.9-0.1mdvmes5.2.i586.rpm
0e253e8be6fe43e608e561dc8aea85e5 mes5/i586/pidgin-plugins-2.10.9-0.1mdvmes5.2.i586.rpm
751f1e9e64876916d4e94d2b98c48305 mes5/i586/pidgin-silc-2.10.9-0.1mdvmes5.2.i586.rpm
0fe038d2e0a1af10101a44c830d962e7 mes5/i586/pidgin-tcl-2.10.9-0.1mdvmes5.2.i586.rpm
8a9c11da3d1b6631c5903bb17ceff35c mes5/i586/sqlite3-tcl-3.7.17-0.2mdvmes5.2.i586.rpm
c97a4fad0918784bc99108eae935b3cb mes5/i586/sqlite3-tools-3.7.17-0.2mdvmes5.2.i586.rpm
eff3563dfb7c81e0b56bb75b122897d3 mes5/SRPMS/pidgin-2.10.9-0.1mdvmes5.2.src.rpm
feb4686f16dd3bf86525874ecac26270 mes5/SRPMS/sqlite3-3.7.17-0.2mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
c542e6f719b399da75417f97274b21a4 mes5/x86_64/finch-2.10.9-0.1mdvmes5.2.x86_64.rpm
dd418736a2897d4cb9057b0de35bc2aa mes5/x86_64/lemon-3.7.17-0.2mdvmes5.2.x86_64.rpm
325a2f54d9a9dab7091ca3db315d9a0d mes5/x86_64/lib64finch0-2.10.9-0.1mdvmes5.2.x86_64.rpm
06ffc4fe6aaff23bfa55b32f1b104553 mes5/x86_64/lib64purple0-2.10.9-0.1mdvmes5.2.x86_64.rpm
95b09c1e20930274cc157b7cbdc1ed30 mes5/x86_64/lib64purple-devel-2.10.9-0.1mdvmes5.2.x86_64.rpm
29400793bb255c219aaf632d2c29992e mes5/x86_64/lib64sqlite3_0-3.7.17-0.2mdvmes5.2.x86_64.rpm
7d50c2c9a0ba8dbb4503d998565c8054 mes5/x86_64/lib64sqlite3-devel-3.7.17-0.2mdvmes5.2.x86_64.rpm
9e4b938ceb9ba6632c6793f8ae742918 mes5/x86_64/lib64sqlite3-static-devel-3.7.17-0.2mdvmes5.2.x86_64.rpm
16fa661249fbe539a5767ba293e954f0 mes5/x86_64/pidgin-2.10.9-0.1mdvmes5.2.x86_64.rpm
f2f946951136034027f0975f3ebcf13c mes5/x86_64/pidgin-bonjour-2.10.9-0.1mdvmes5.2.x86_64.rpm
8f69b2e27d0ded87aa76cb595775d744 mes5/x86_64/pidgin-client-2.10.9-0.1mdvmes5.2.x86_64.rpm
7aa49805c62357537de5545f6c4c09b0 mes5/x86_64/pidgin-gevolution-2.10.9-0.1mdvmes5.2.x86_64.rpm
d1d9652103f7b2ad47910dc95762d96e mes5/x86_64/pidgin-i18n-2.10.9-0.1mdvmes5.2.x86_64.rpm
17f1f4181d242156357053c51680b44e mes5/x86_64/pidgin-meanwhile-2.10.9-0.1mdvmes5.2.x86_64.rpm
b54af0150969364e33e458f33c4ec8f6 mes5/x86_64/pidgin-perl-2.10.9-0.1mdvmes5.2.x86_64.rpm
7466096e476af27c108d24871106704d mes5/x86_64/pidgin-plugins-2.10.9-0.1mdvmes5.2.x86_64.rpm
6df18cb5be0699d8e7972eac6694290c mes5/x86_64/pidgin-silc-2.10.9-0.1mdvmes5.2.x86_64.rpm
c27fceeb99785261185d8864204d61e8 mes5/x86_64/pidgin-tcl-2.10.9-0.1mdvmes5.2.x86_64.rpm
d05b1b1c334e339acb80c3557fd42cc8 mes5/x86_64/sqlite3-tcl-3.7.17-0.2mdvmes5.2.x86_64.rpm
6b82dedf6e42f809ec943c076dff67f9 mes5/x86_64/sqlite3-tools-3.7.17-0.2mdvmes5.2.x86_64.rpm
eff3563dfb7c81e0b56bb75b122897d3 mes5/SRPMS/pidgin-2.10.9-0.1mdvmes5.2.src.rpm
feb4686f16dd3bf86525874ecac26270 mes5/SRPMS/sqlite3-3.7.17-0.2mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFS+gm/mqjQ0CJFipgRAglhAJ9pHRmOiX3IS07H90G/CqZQIZi8XwCghvOW
vZrdz+M7YegoIowGho3xYXQ=
=2vhw
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists