Debian: DSA-2038-1: New pidgin packages fix denial of service

    Date18 Apr 2010
    CategoryDebian
    32
    Posted ByLinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in Pidgin, a multi protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems:
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2038-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                          Thijs Kinkhorst
    April 18, 2010                        http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : pidgin
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2010-0420 CVE-2010-0423
    Debian Bug     : 566775
    
    Several remote vulnerabilities have been discovered in Pidgin, a multi
    protocol instant messaging client. The Common Vulnerabilities and
    Exposures project identifies the following problems:
    
    CVE-2010-0420
    
    	Crafted nicknames in the XMPP protocol can crash Pidgin remotely.
    
    CVE-2010-0423
    
    	Remote contacts may send too many custom smilies, crashing Pidgin.
    
    Since a few months, Microsoft's servers for MSN have changed the protocol,
    making Pidgin non-functional for use with MSN. It is not feasible to port
    these changes to the version of Pidgin in Debian Lenny. This update
    formalises that situation by disabling the protocol in the client. Users
    of the MSN protocol are advised to use the version of Pidgin in the
    repositories of www.backports.org.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 2.4.3-4lenny6.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 2.6.6-1.
    
    We recommend that you upgrade your pidgin package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz
        Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6.dsc
        Size/MD5 checksum:     1784 f640f8119ef901c7be009232c6dfee05
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6.diff.gz
        Size/MD5 checksum:    72144 85217de41bcd069748eb441886cdfab9
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny6_all.deb
        Size/MD5 checksum:  7019074 1c79c0da4c115e2699d577b957c4e541
      http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny6_all.deb
        Size/MD5 checksum:   159726 c657bace836fb1d4f3c04c57bdcd7e19
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny6_all.deb
        Size/MD5 checksum:   133894 49e2b54dcad5a2b40705478118da2d72
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny6_all.deb
        Size/MD5 checksum:   277220 9517eadf780382575efcd57ba9dc308b
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny6_all.deb
        Size/MD5 checksum:   193802 b05666d23964d0d28646dc49a85de940
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_alpha.deb
        Size/MD5 checksum:  1477324 c6c9e6753f98159748b9e0116bb40df3
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_alpha.deb
        Size/MD5 checksum:   776550 1334935aee6756fdc1b6e1702cabe0b3
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_alpha.deb
        Size/MD5 checksum:   369734 f54c236b4aa7e94d33da983f042bd82b
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_alpha.deb
        Size/MD5 checksum:  4952616 ac34a66c4b19a7dd23b1fa0240c07f97
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_amd64.deb
        Size/MD5 checksum:   727918 e6447c0efc4f5c490bc806f00840b075
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_amd64.deb
        Size/MD5 checksum:  1406192 68711767e43c6a0722b8b4d5ed59843a
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_amd64.deb
        Size/MD5 checksum:  5067988 c430e8ff4e8b13830c71da4f6948a4f6
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_amd64.deb
        Size/MD5 checksum:   348062 042092eae5df409b1b39ae96a6a5b856
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_arm.deb
        Size/MD5 checksum:  1217972 2b2879660723d31097c9a535e14c177d
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_arm.deb
        Size/MD5 checksum:   657362 27313370246e22f31b6439981062dda7
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_arm.deb
        Size/MD5 checksum:   316578 36a170a849ca166bcfe9b457f85b9cdb
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_arm.deb
        Size/MD5 checksum:  4799502 e4689175bb1d17cb942ed50c7d091315
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_armel.deb
        Size/MD5 checksum:   668088 714b556255126c810659f203ffb93db1
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_armel.deb
        Size/MD5 checksum:  1221012 bbcb58abd9f04c1ba2df16bfce74e29c
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_armel.deb
        Size/MD5 checksum:   319790 b7c9ae4c8cfe107744523c44926375a4
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_armel.deb
        Size/MD5 checksum:  4821838 ca27cf7101ca23de2ab36cd0c21360d0
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_hppa.deb
        Size/MD5 checksum:  1495046 d445e1cb5e3500fc9970b1099ba14227
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_hppa.deb
        Size/MD5 checksum:   754250 64d22a1f7c7b9c920360f325749ab0fe
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_hppa.deb
        Size/MD5 checksum:   361568 d77edf95828aec4d0347f548e0b0a108
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_hppa.deb
        Size/MD5 checksum:  4906668 1208501055cffef75023543a72c956ce
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_i386.deb
        Size/MD5 checksum:  4809696 f6df7ed8178ad450886c4d19284e1c04
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_i386.deb
        Size/MD5 checksum:   326412 fb3dff6c0627b67e9710630906c770a9
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_i386.deb
        Size/MD5 checksum:  1290792 b0eaca04079ad13798d350ec18ad41b5
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_i386.deb
        Size/MD5 checksum:   679712 d946170d5d259c120f909285c48294fb
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_ia64.deb
        Size/MD5 checksum:  4669414 5273183a49a9b6e334963816871d6ce0
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_ia64.deb
        Size/MD5 checksum:   434978 e4750a60b59c31a868dd0ebda33c96f2
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_ia64.deb
        Size/MD5 checksum:   948754 2b9ce7e253458ce9f7511ba26ece0b90
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_ia64.deb
        Size/MD5 checksum:  1789606 a2e654bacaaaef9fece43aaa2e33b420
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_mips.deb
        Size/MD5 checksum:   654450 edbc24d8f35a894a3d301a751d2d8977
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_mips.deb
        Size/MD5 checksum:  1096044 d88283ec19ea5d867e7d28325744d8fb
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_mips.deb
        Size/MD5 checksum:   318672 ed52e8ecafb8e410eab3194914b4014d
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_mips.deb
        Size/MD5 checksum:  5054324 9ddbd413029130c610512f25aa230553
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_mipsel.deb
        Size/MD5 checksum:   651410 89e26238fc91f1f75376d29a009cd751
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_mipsel.deb
        Size/MD5 checksum:   318572 4992c5f4f4bce500db6b3792295ad0c2
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_mipsel.deb
        Size/MD5 checksum:  4963322 2d397b0c64352a1a1e94534c0d0cf4de
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_mipsel.deb
        Size/MD5 checksum:  1086788 afb54d1620a692cb6273dbb9e3a67908
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_powerpc.deb
        Size/MD5 checksum:  5014910 acaaacb4532ae1176e628b23aaae74fe
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_powerpc.deb
        Size/MD5 checksum:   362722 2824883e0fb35a6b758d89188d0be39d
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_powerpc.deb
        Size/MD5 checksum:   755056 890358f5bc3215a5ab59609d8bd0c1d1
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_powerpc.deb
        Size/MD5 checksum:  1445264 d5961438dc2a8c4798e815009792fab5
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_s390.deb
        Size/MD5 checksum:  1326506 9a6b8060e2710587d17477c4b976922a
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_s390.deb
        Size/MD5 checksum:   717976 970f51fbc28082cc53af9ddc1bb183c1
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_s390.deb
        Size/MD5 checksum:   359214 3eca65b1913b2db015f7d5c75157e5c6
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_s390.deb
        Size/MD5 checksum:  4977082 e7bfcd7d662c5c41d860baabddac9c37
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_sparc.deb
        Size/MD5 checksum:  1302702 f550e43bfd0aa9bf89d6768eb2bf3966
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_sparc.deb
        Size/MD5 checksum:   329408 54fdcf6f005a936007201e8ef5a49e4c
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_sparc.deb
        Size/MD5 checksum:  4611594 b6124b51dd98dba2e1194295fc46002e
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_sparc.deb
        Size/MD5 checksum:   683284 f744d4b6e674fff37a0e00c1656db64e
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"13","type":"x","order":"1","pct":52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":16,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"8","type":"x","order":"3","pct":32,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.