Linux Security
    Linux Security
    Linux Security

    Debian: DSA-2038-1: New pidgin packages fix denial of service

    Posted By
    Several remote vulnerabilities have been discovered in Pidgin, a multi protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems:
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2038-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                          Thijs Kinkhorst
    April 18, 2010              
    - ------------------------------------------------------------------------
    Package        : pidgin
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2010-0420 CVE-2010-0423
    Debian Bug     : 566775
    Several remote vulnerabilities have been discovered in Pidgin, a multi
    protocol instant messaging client. The Common Vulnerabilities and
    Exposures project identifies the following problems:
    	Crafted nicknames in the XMPP protocol can crash Pidgin remotely.
    	Remote contacts may send too many custom smilies, crashing Pidgin.
    Since a few months, Microsoft's servers for MSN have changed the protocol,
    making Pidgin non-functional for use with MSN. It is not feasible to port
    these changes to the version of Pidgin in Debian Lenny. This update
    formalises that situation by disabling the protocol in the client. Users
    of the MSN protocol are advised to use the version of Pidgin in the
    repositories of
    For the stable distribution (lenny), these problems have been fixed in
    version 2.4.3-4lenny6.
    For the unstable distribution (sid), these problems have been fixed in
    version 2.6.6-1.
    We recommend that you upgrade your pidgin package.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    Source archives:
        Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427
        Size/MD5 checksum:     1784 f640f8119ef901c7be009232c6dfee05
        Size/MD5 checksum:    72144 85217de41bcd069748eb441886cdfab9
    Architecture independent packages:
        Size/MD5 checksum:  7019074 1c79c0da4c115e2699d577b957c4e541
        Size/MD5 checksum:   159726 c657bace836fb1d4f3c04c57bdcd7e19
        Size/MD5 checksum:   133894 49e2b54dcad5a2b40705478118da2d72
        Size/MD5 checksum:   277220 9517eadf780382575efcd57ba9dc308b
        Size/MD5 checksum:   193802 b05666d23964d0d28646dc49a85de940
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:  1477324 c6c9e6753f98159748b9e0116bb40df3
        Size/MD5 checksum:   776550 1334935aee6756fdc1b6e1702cabe0b3
        Size/MD5 checksum:   369734 f54c236b4aa7e94d33da983f042bd82b
        Size/MD5 checksum:  4952616 ac34a66c4b19a7dd23b1fa0240c07f97
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:   727918 e6447c0efc4f5c490bc806f00840b075
        Size/MD5 checksum:  1406192 68711767e43c6a0722b8b4d5ed59843a
        Size/MD5 checksum:  5067988 c430e8ff4e8b13830c71da4f6948a4f6
        Size/MD5 checksum:   348062 042092eae5df409b1b39ae96a6a5b856
    arm architecture (ARM)
        Size/MD5 checksum:  1217972 2b2879660723d31097c9a535e14c177d
        Size/MD5 checksum:   657362 27313370246e22f31b6439981062dda7
        Size/MD5 checksum:   316578 36a170a849ca166bcfe9b457f85b9cdb
        Size/MD5 checksum:  4799502 e4689175bb1d17cb942ed50c7d091315
    armel architecture (ARM EABI)
        Size/MD5 checksum:   668088 714b556255126c810659f203ffb93db1
        Size/MD5 checksum:  1221012 bbcb58abd9f04c1ba2df16bfce74e29c
        Size/MD5 checksum:   319790 b7c9ae4c8cfe107744523c44926375a4
        Size/MD5 checksum:  4821838 ca27cf7101ca23de2ab36cd0c21360d0
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:  1495046 d445e1cb5e3500fc9970b1099ba14227
        Size/MD5 checksum:   754250 64d22a1f7c7b9c920360f325749ab0fe
        Size/MD5 checksum:   361568 d77edf95828aec4d0347f548e0b0a108
        Size/MD5 checksum:  4906668 1208501055cffef75023543a72c956ce
    i386 architecture (Intel ia32)
        Size/MD5 checksum:  4809696 f6df7ed8178ad450886c4d19284e1c04
        Size/MD5 checksum:   326412 fb3dff6c0627b67e9710630906c770a9
        Size/MD5 checksum:  1290792 b0eaca04079ad13798d350ec18ad41b5
        Size/MD5 checksum:   679712 d946170d5d259c120f909285c48294fb
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:  4669414 5273183a49a9b6e334963816871d6ce0
        Size/MD5 checksum:   434978 e4750a60b59c31a868dd0ebda33c96f2
        Size/MD5 checksum:   948754 2b9ce7e253458ce9f7511ba26ece0b90
        Size/MD5 checksum:  1789606 a2e654bacaaaef9fece43aaa2e33b420
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum:   654450 edbc24d8f35a894a3d301a751d2d8977
        Size/MD5 checksum:  1096044 d88283ec19ea5d867e7d28325744d8fb
        Size/MD5 checksum:   318672 ed52e8ecafb8e410eab3194914b4014d
        Size/MD5 checksum:  5054324 9ddbd413029130c610512f25aa230553
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum:   651410 89e26238fc91f1f75376d29a009cd751
        Size/MD5 checksum:   318572 4992c5f4f4bce500db6b3792295ad0c2
        Size/MD5 checksum:  4963322 2d397b0c64352a1a1e94534c0d0cf4de
        Size/MD5 checksum:  1086788 afb54d1620a692cb6273dbb9e3a67908
    powerpc architecture (PowerPC)
        Size/MD5 checksum:  5014910 acaaacb4532ae1176e628b23aaae74fe
        Size/MD5 checksum:   362722 2824883e0fb35a6b758d89188d0be39d
        Size/MD5 checksum:   755056 890358f5bc3215a5ab59609d8bd0c1d1
        Size/MD5 checksum:  1445264 d5961438dc2a8c4798e815009792fab5
    s390 architecture (IBM S/390)
        Size/MD5 checksum:  1326506 9a6b8060e2710587d17477c4b976922a
        Size/MD5 checksum:   717976 970f51fbc28082cc53af9ddc1bb183c1
        Size/MD5 checksum:   359214 3eca65b1913b2db015f7d5c75157e5c6
        Size/MD5 checksum:  4977082 e7bfcd7d662c5c41d860baabddac9c37
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:  1302702 f550e43bfd0aa9bf89d6768eb2bf3966
        Size/MD5 checksum:   329408 54fdcf6f005a936007201e8ef5a49e4c
        Size/MD5 checksum:  4611594 b6124b51dd98dba2e1194295fc46002e
        Size/MD5 checksum:   683284 f744d4b6e674fff37a0e00c1656db64e
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and


    LinuxSecurity Poll

    Which aspect of server security are you most interested in learning more about?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"131","title":"Preventing information leakage","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"132","title":"Firewall considerations","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"133","title":"Permissions ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.