
[Full-disclosure] [ MDVSA-2010:001 ] pidgin

From: <security_at_nospam>
Date: Tue Jan 12 2010 - 00:36:00 GMT
To: full-disclosure@lists.grok.org.uk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


 Mandriva Linux Security Advisory                         MDVSA-2010:001
 http://www.mandriva.com/security/

 Package : pidgin
 Date    : January 11, 2010
 Affected: 2008.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________

 Problem Description:

 Security vulnerabilities have been identified and fixed in pidgin:

 The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615).

 Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013).

 Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

 This update provides pidgin 2.6.5, which is not vulnerable to these issues.


 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013
 http://pidgin.im/news/security/
_______________________________________________________________________

 Updated Packages:

_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com


 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLS5dWmqjQ0CJFipgRAuqOAJ9ZWf6gqrDNe0RfHMH2YbI3sKR7RwCcDVeC TnSrShrUf1HCLIkglWLyznA=
=g4Z0
-----END PGP SIGNATURE-----
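
Added example, not part of the Mandriva advisory and not Pidgin's own code: the two checks that the CVE-2010-0013 description above points to, written in C. A requested emoticon name is refused if it carries any directory component such as `..`, and it is served only if it was announced earlier. The function names, the `announced` list and the `/tmp/smileys` directory are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SMILEY_NAME_MAX 255  /* assumed upper bound for a file name */

/* 1 if name is a single path component: no separators, not "." or "..". */
static int is_plain_name(const char *name)
{
    if (name == NULL || name[0] == '\0' || strlen(name) > SMILEY_NAME_MAX)
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    return strchr(name, '/') == NULL && strchr(name, '\\') == NULL;
}

/* 1 only if name is plain AND was announced earlier in the conversation. */
int smiley_request_allowed(const char **announced, size_t n,
                           const char *name)
{
    if (!is_plain_name(name))
        return 0;
    for (size_t i = 0; i < n; i++)
        if (strcmp(announced[i], name) == 0)
            return 1;
    return 0;
}

/* Writes base/name to out. Returns 0 on success, -1 if refused or truncated. */
int smiley_build_path(const char *base, const char **announced, size_t n,
                      const char *name, char *out, size_t outlen)
{
    int w;
    if (!smiley_request_allowed(announced, n, name))
        return -1;
    w = snprintf(out, outlen, "%s/%s", base, name);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample data, not taken from a real session. */
    const char *announced[] = { "smile.png" };
    const char *requests[] = { "smile.png", "other.png", "../notes.txt" };
    char path[256];
    for (size_t i = 0; i < 3; i++)
        printf("%-14s -> %s\n", requests[i],
               smiley_build_path("/tmp/smileys", announced, 1, requests[i],
                                 path, sizeof path) == 0 ? path : "refused");
    return 0;
}
```

The check is purely lexical; where the emoticon directory can contain symbolic links, the resolved path should also be compared against the base directory before the file is opened.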



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/