BugTraq
[ MDVSA-2010:148 ] pidgin Aug 12 2010 02:49PM
security mandriva com
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:148
http://www.mandriva.com/security/
_______________________________________________________________________

Package : pidgin
Date : August 12, 2010
Affected: 2008.0, 2009.0, 2010.0, 2010.1
_______________________________________________________________________

Problem Description:

A security vulnerability has been identified and fixed in pidgin:

The clientautoresp function in family_icbm.c in the oscar protocol
plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated
users to cause a denial of service (NULL pointer dereference and
application crash) via an X-Status message that lacks the expected
end tag for a (1) desc or (2) title element (CVE-2010-2528).

Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.

This update provides pidgin 2.7.3, which is not vulnerable to this
issue.
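
The missing-end-tag case described above, as an added C example (not Pidgin's or Mandriva's code): a tag extractor that treats an absent end tag as a malformed element instead of using the NULL search result. The function names and the plain `<title>`/`<desc>` tag syntax are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not libpurple code): copy text between <tag> and </tag>. */
static char *extract_element(const char *msg, const char *tag)
{
    char open_tag[32], close_tag[32];
    const char *start, *end;
    if (msg == NULL || tag == NULL || strlen(tag) > sizeof(close_tag) - 4)
        return NULL;
    snprintf(open_tag, sizeof(open_tag), "<%s>", tag);
    snprintf(close_tag, sizeof(close_tag), "</%s>", tag);

    start = strstr(msg, open_tag);
    if (start == NULL)
        return NULL;
    start += strlen(open_tag);

    /* Unchecked code would compute end - start here; with the end tag
     * missing, end is NULL and the length and copy are invalid. */
    end = strstr(start, close_tag);
    if (end == NULL)
        return NULL;

    size_t len = (size_t)(end - start);
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, start, len);
    out[len] = '\0';
    return out;
}

/* Fill *title and *desc (NULL when malformed); return how many were parsed. */
static int parse_xstatus(const char *msg, char **title, char **desc)
{
    *title = extract_element(msg, "title");
    *desc = extract_element(msg, "desc");
    return (*title != NULL) + (*desc != NULL);
}

int main(void)
{
    char *t, *d;
    /* Constructed sample: the desc element has no end tag. */
    int n = parse_xstatus("<title>Busy</title><desc>In a meeting", &t, &d);
    printf("parsed=%d title=%s desc=%s\n", n, t ? t : "(none)", d ? d : "(none)");
    free(t);
    free(d);
    return 0;
}
```

The caller has to handle a NULL title or desc as "element absent"; passing it on to string functions unchecked reintroduces the same crash one layer up.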
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2528
http://pidgin.im/news/security/
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type  Bits/KeyID      Date        User ID
pub   1024D/22458A98  2000-07-10  Mandriva Security Team <security*mandriva.com>
