[USN-548-1] Pidgin vulnerability
Date: Wed, 28 Nov 2007 15:29:45 -0800
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-548-1] Pidgin vulnerability
Message-ID: <20071128232945.GE8789@outflux.net.>
Organization: Ubuntu

===========================================================
Ubuntu Security Notice USN-548-1          November 28, 2007
pidgin vulnerability
CVE-2007-4999
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  libpurple0                      1:2.2.1-1ubuntu4.1

After a standard system upgrade you need to restart Pidgin to effect
the necessary changes.

Details follow:

It was discovered that Pidgin did not correctly handle certain logging
events.  A remote attacker could send specially crafted messages and cause
the application to crash, leading to a denial of service.


Updated packages for Ubuntu 7.10:
