-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:148
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : August 12, 2010
 Affected: 2008.0, 2009.0, 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A security vulnerability has been identified and fixed in pidgin:

 The clientautoresp function in family_icbm.c in the oscar protocol
 plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated
 users to cause a denial of service (NULL pointer dereference and
 application crash) via an X-Status message that lacks the expected
 end tag for a (1) desc or (2) title element (CVE-2010-2528).

 Packages for 2008.0 and 2009.0 are provided due to the Extended
 Maintenance Program for those products.

 This update provides pidgin 2.7.3, which is not vulnerable to this
 issue.
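The bug class described above, as an added example (not code from this advisory or from libpurple): a tag extractor that checks the strstr() result for the end tag before using it, so a message missing `</title>` or `</desc>` is rejected instead of dereferencing NULL. The function name xstatus_element and the sample messages are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not libpurple code: return a heap copy of the text
 * between <tag> and </tag> in msg, or NULL if either tag is absent. */
char *xstatus_element(const char *msg, const char *tag)
{
    char open_tag[32], close_tag[32];
    const char *start, *end;
    size_t len;
    char *out;

    if (msg == NULL || tag == NULL || strlen(tag) > sizeof(close_tag) - 4)
        return NULL;
    snprintf(open_tag, sizeof(open_tag), "<%s>", tag);
    snprintf(close_tag, sizeof(close_tag), "</%s>", tag);

    start = strstr(msg, open_tag);
    if (start == NULL)
        return NULL;
    start += strlen(open_tag);

    /* The check this bug class omits: strstr() returns NULL when the end
     * tag is missing, and using that pointer unchecked crashes the client. */
    end = strstr(start, close_tag);
    if (end == NULL)
        return NULL;

    len = (size_t)(end - start);
    out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, start, len);
    out[len] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample messages; the second lacks </title>. */
    const char *samples[] = {
        "<title>Away</title><desc>At lunch</desc>",
        "<title>Away<desc>At lunch</desc>",
    };
    for (size_t i = 0; i < 2; i++) {
        char *title = xstatus_element(samples[i], "title");
        printf("message %zu: title=%s\n", i, title ? title : "(malformed)");
        free(title);
    }
    return 0;
}
```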
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2528
 http://pidgin.im/news/security/
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMY9opmqjQ0CJFipgRAnq3AKCNoeB1p0p38DiqexwLcQnK3ZksJwCaAhjV
kcVYAorP1VH1YehF4uox/6g=
=WyEv
-----END PGP SIGNATURE-----