Debian: DSA-2038-2: New pidgin packages fix regression

    Date: 17 May 2010
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-2038-2
    http://www.debian.org/security/                          Thijs Kinkhorst
    May 17, 2010                          http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : pidgin
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2010-0420 CVE-2010-0423
    Debian Bug     : 566775 579601
    
    The packages for Pidgin released as DSA 2038-1 had a regression, as they
    unintentionally disabled the Zephyr instant messaging protocol. This
    update restores Zephyr functionality. For reference, the original
    advisory text is below.
    
    Several remote vulnerabilities have been discovered in Pidgin, a
    multi-protocol instant messaging client. The Common Vulnerabilities and
    Exposures project identifies the following problems:
    
    CVE-2010-0420
    
            Crafted nicknames in the XMPP protocol can crash Pidgin remotely.
    
    CVE-2010-0423
    
            Remote contacts may send too many custom smilies, crashing Pidgin.
    
    For the past few months, Microsoft's servers for MSN have used a changed
    protocol, making Pidgin non-functional for use with MSN. It is not feasible
    to port these changes to the version of Pidgin in Debian Lenny. This update
    formalises that situation by disabling the protocol in the client. Users
    of the MSN protocol are advised to use the version of Pidgin in the
    repositories of www.backports.org.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 2.4.3-4lenny7.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 2.6.6-1.
    
    We recommend that you upgrade your pidgin package.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 5.0 alias lenny
    --------------------------------
    
      The updated package files will probably be moved into the stable
      distribution on its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/
    