[USN-796-1] Pidgin vulnerability
Subject: [USN-796-1] Pidgin vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
Date: Mon, 06 Jul 2009 14:30:00 -0400
Message-Id: <1246905000.26456.15.camel@mdlinux.technorage.com>
===========================================================
Ubuntu Security Notice USN-796-1 July 06, 2009
pidgin vulnerability
CVE-2009-1889
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  pidgin 1:2.4.1-1ubuntu2.5

Ubuntu 8.10:
  pidgin 1:2.5.2-0ubuntu1.3

Ubuntu 9.04:
  pidgin 1:2.5.5-1ubuntu8.3

After a standard system upgrade you need to restart Pidgin to effect
the necessary changes.

Details follow:

Yuriy Kaminskiy discovered that Pidgin did not properly handle certain
messages in the ICQ protocol handler. A remote attacker could send a
specially crafted message and cause Pidgin to crash.
Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 8.10:
Updated packages for Ubuntu 9.04: