lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1WDETI-0000Yl-TL@titan.mandriva.com>
Date: Tue, 11 Feb 2014 15:38:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2014:025 ] pidgin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:025
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : February 11, 2014
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in pidgin:
 
 The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does
 not properly validate UTF-8 data, which allows remote attackers
 to cause a denial of service (application crash) via crafted byte
 sequences (CVE-2012-6152).
 
 Multiple integer signedness errors in libpurple in Pidgin before 2.10.8
 allow remote attackers to cause a denial of service (application crash)
 via a crafted timestamp value in an XMPP message (CVE-2013-6477).
 
 gtkimhtml.c in Pidgin before 2.10.8 does not properly interact
 with underlying library support for wide Pango layouts, which
 allows user-assisted remote attackers to cause a denial of service
 (application crash) via a long URL that is examined with a tooltip
 (CVE-2013-6478).
 
 util.c in libpurple in Pidgin before 2.10.8 does not properly allocate
 memory for HTTP responses that are inconsistent with the Content-Length
 header, which allows remote HTTP servers to cause a denial of service
 (application crash) via a crafted response (CVE-2013-6479).
 
 libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows
 remote attackers to cause a denial of service (crash) via a Yahoo! P2P
 message with a crafted length field, which triggers a buffer over-read
 (CVE-2013-6481).
 
 Pidgin before 2.10.8 allows remote MSN servers to cause a denial
 of service (NULL pointer dereference and crash) via a crafted (1)
 SOAP response, (2) OIM XML response, or (3) Content-Length header
 (CVE-2013-6482).
 
 The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does
 not properly determine whether the from address in an iq reply
 is consistent with the to address in an iq request, which allows
 remote attackers to spoof iq traffic or cause a denial of service
 (NULL pointer dereference and application crash) via a crafted reply
 (CVE-2013-6483).
 
 The STUN protocol implementation in libpurple in Pidgin before 2.10.8
 allows remote STUN servers to cause a denial of service (out-of-bounds
 write operation and application crash) by triggering a socket read
 error (CVE-2013-6484).
 
 Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows
 remote HTTP servers to cause a denial of service (application crash)
 or possibly have unspecified other impact via an invalid chunk-size
 field in chunked transfer-coding data (CVE-2013-6485).
 
 gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted
 remote attackers to execute arbitrary programs via a message containing
 a file: URL that is improperly handled during construction of an
 explorer.exe command. NOTE: this vulnerability exists because of an
 incomplete fix for CVE-2011-3185 (CVE-2013-6486).
 
 Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu
 (gg) parser in Pidgin before 2.10.8 allows remote attackers to have
 an unspecified impact via a large Content-Length value, which triggers
 a buffer overflow (CVE-2013-6487).
 
 Integer signedness error in the MXit functionality in Pidgin
 before 2.10.8 allows remote attackers to cause a denial of service
 (segmentation fault) via a crafted emoticon value, which triggers an
 integer overflow and a buffer overflow (CVE-2013-6489).
 
 The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote
 attackers to have an unspecified impact via a negative Content-Length
 header, which triggers a buffer overflow (CVE-2013-6490).
 
 The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does
 not validate argument counts, which allows remote IRC servers to
 cause a denial of service (application crash) via a crafted message
 (CVE-2014-0020).
 
 This update provides pidgin 2.10.9, which is not vulnerable to
 these issues.
 
 Additionally a build problem conserning sqlite3 was discovered and
 fixed, therefore fixed sqlite3 packages is also provided with this
 advisory.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6486
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020
 http://www.pidgin.im/news/security/
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 d5e069e752c3e17c4da5aa68e0b58861  mes5/i586/finch-2.10.9-0.1mdvmes5.2.i586.rpm
 59e74cb9433ce7913641c650902a46ef  mes5/i586/lemon-3.7.17-0.2mdvmes5.2.i586.rpm
 622382a4c075b1a34e07557893c46e37  mes5/i586/libfinch0-2.10.9-0.1mdvmes5.2.i586.rpm
 259cedc6c30b9a1b405a8648965ba698  mes5/i586/libpurple0-2.10.9-0.1mdvmes5.2.i586.rpm
 0ab50a1d9b026f40ff1bd1c387365942  mes5/i586/libpurple-devel-2.10.9-0.1mdvmes5.2.i586.rpm
 d74e7b6d9e51aba8934b35c586b91ad1  mes5/i586/libsqlite3_0-3.7.17-0.2mdvmes5.2.i586.rpm
 7e8328f32d8f5a04d467f681bcad63ea  mes5/i586/libsqlite3-devel-3.7.17-0.2mdvmes5.2.i586.rpm
 e4c5573f96eac1d929dd230a7865382b  mes5/i586/libsqlite3-static-devel-3.7.17-0.2mdvmes5.2.i586.rpm
 c04ea89dee22c74eafd9b3024d4ade75  mes5/i586/pidgin-2.10.9-0.1mdvmes5.2.i586.rpm
 e9b40d036b1a72333b6a3eeee09cccdb  mes5/i586/pidgin-bonjour-2.10.9-0.1mdvmes5.2.i586.rpm
 19813100aac040610354d571e9cca8bc  mes5/i586/pidgin-client-2.10.9-0.1mdvmes5.2.i586.rpm
 8136df89bdc4d840c9a54a52b0ed0e63  mes5/i586/pidgin-gevolution-2.10.9-0.1mdvmes5.2.i586.rpm
 fc2163f93b0ae4ead4c7435fb4f120e6  mes5/i586/pidgin-i18n-2.10.9-0.1mdvmes5.2.i586.rpm
 076a516d309c63bf23dd22f50a4784ae  mes5/i586/pidgin-meanwhile-2.10.9-0.1mdvmes5.2.i586.rpm
 5f97910f07a93533f37b9b85b6ce17c7  mes5/i586/pidgin-perl-2.10.9-0.1mdvmes5.2.i586.rpm
 0e253e8be6fe43e608e561dc8aea85e5  mes5/i586/pidgin-plugins-2.10.9-0.1mdvmes5.2.i586.rpm
 751f1e9e64876916d4e94d2b98c48305  mes5/i586/pidgin-silc-2.10.9-0.1mdvmes5.2.i586.rpm
 0fe038d2e0a1af10101a44c830d962e7  mes5/i586/pidgin-tcl-2.10.9-0.1mdvmes5.2.i586.rpm
 8a9c11da3d1b6631c5903bb17ceff35c  mes5/i586/sqlite3-tcl-3.7.17-0.2mdvmes5.2.i586.rpm
 c97a4fad0918784bc99108eae935b3cb  mes5/i586/sqlite3-tools-3.7.17-0.2mdvmes5.2.i586.rpm 
 eff3563dfb7c81e0b56bb75b122897d3  mes5/SRPMS/pidgin-2.10.9-0.1mdvmes5.2.src.rpm
 feb4686f16dd3bf86525874ecac26270  mes5/SRPMS/sqlite3-3.7.17-0.2mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 c542e6f719b399da75417f97274b21a4  mes5/x86_64/finch-2.10.9-0.1mdvmes5.2.x86_64.rpm
 dd418736a2897d4cb9057b0de35bc2aa  mes5/x86_64/lemon-3.7.17-0.2mdvmes5.2.x86_64.rpm
 325a2f54d9a9dab7091ca3db315d9a0d  mes5/x86_64/lib64finch0-2.10.9-0.1mdvmes5.2.x86_64.rpm
 06ffc4fe6aaff23bfa55b32f1b104553  mes5/x86_64/lib64purple0-2.10.9-0.1mdvmes5.2.x86_64.rpm
 95b09c1e20930274cc157b7cbdc1ed30  mes5/x86_64/lib64purple-devel-2.10.9-0.1mdvmes5.2.x86_64.rpm
 29400793bb255c219aaf632d2c29992e  mes5/x86_64/lib64sqlite3_0-3.7.17-0.2mdvmes5.2.x86_64.rpm
 7d50c2c9a0ba8dbb4503d998565c8054  mes5/x86_64/lib64sqlite3-devel-3.7.17-0.2mdvmes5.2.x86_64.rpm
 9e4b938ceb9ba6632c6793f8ae742918  mes5/x86_64/lib64sqlite3-static-devel-3.7.17-0.2mdvmes5.2.x86_64.rpm
 16fa661249fbe539a5767ba293e954f0  mes5/x86_64/pidgin-2.10.9-0.1mdvmes5.2.x86_64.rpm
 f2f946951136034027f0975f3ebcf13c  mes5/x86_64/pidgin-bonjour-2.10.9-0.1mdvmes5.2.x86_64.rpm
 8f69b2e27d0ded87aa76cb595775d744  mes5/x86_64/pidgin-client-2.10.9-0.1mdvmes5.2.x86_64.rpm
 7aa49805c62357537de5545f6c4c09b0  mes5/x86_64/pidgin-gevolution-2.10.9-0.1mdvmes5.2.x86_64.rpm
 d1d9652103f7b2ad47910dc95762d96e  mes5/x86_64/pidgin-i18n-2.10.9-0.1mdvmes5.2.x86_64.rpm
 17f1f4181d242156357053c51680b44e  mes5/x86_64/pidgin-meanwhile-2.10.9-0.1mdvmes5.2.x86_64.rpm
 b54af0150969364e33e458f33c4ec8f6  mes5/x86_64/pidgin-perl-2.10.9-0.1mdvmes5.2.x86_64.rpm
 7466096e476af27c108d24871106704d  mes5/x86_64/pidgin-plugins-2.10.9-0.1mdvmes5.2.x86_64.rpm
 6df18cb5be0699d8e7972eac6694290c  mes5/x86_64/pidgin-silc-2.10.9-0.1mdvmes5.2.x86_64.rpm
 c27fceeb99785261185d8864204d61e8  mes5/x86_64/pidgin-tcl-2.10.9-0.1mdvmes5.2.x86_64.rpm
 d05b1b1c334e339acb80c3557fd42cc8  mes5/x86_64/sqlite3-tcl-3.7.17-0.2mdvmes5.2.x86_64.rpm
 6b82dedf6e42f809ec943c076dff67f9  mes5/x86_64/sqlite3-tools-3.7.17-0.2mdvmes5.2.x86_64.rpm 
 eff3563dfb7c81e0b56bb75b122897d3  mes5/SRPMS/pidgin-2.10.9-0.1mdvmes5.2.src.rpm
 feb4686f16dd3bf86525874ecac26270  mes5/SRPMS/sqlite3-3.7.17-0.2mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFS+gm/mqjQ0CJFipgRAglhAJ9pHRmOiX3IS07H90G/CqZQIZi8XwCghvOW
vZrdz+M7YegoIowGho3xYXQ=
=2vhw
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ