Debian: DSA-2038-3: New pidgin packages fix regression

    Date13 Nov 2010
    CategoryDebian
    29
    Posted ByLinuxSecurity Advisories
    The packages for Pidgin released as DSA 2038-2 had a regression, as they unintentionally disabled the Silc, Simple, and Yahoo instant messaging protocols. This update restore that functionality. For reference the original advisory text below.
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2038-3                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                          Thijs Kinkhorst
    November 13, 2010                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : pidgin
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2010-0420 CVE-2010-0423
    Debian Bug     : 566775 579601
    
    The packages for Pidgin released as DSA 2038-2 had a regression, as they
    unintentionally disabled the Silc, Simple, and Yahoo instant messaging
    protocols. This update restore that functionality. For reference the
    original advisory text below.
    
    Several remote vulnerabilities have been discovered in Pidgin, a multi
    protocol instant messaging client. The Common Vulnerabilities and
    Exposures project identifies the following problems:
    
    CVE-2010-0420
    
            Crafted nicknames in the XMPP protocol can crash Pidgin remotely.
    
    CVE-2010-0423
    
            Remote contacts may send too many custom smilies, crashing Pidgin.
    
    Since a few months, Microsoft's servers for MSN have changed the protocol,
    making Pidgin non-functional for use with MSN. It is not feasible to port
    these changes to the version of Pidgin in Debian Lenny. This update
    formalises that situation by disabling the protocol in the client. Users
    of the MSN protocol are advised to use the version of Pidgin in the
    repositories of www.backports.org.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 2.4.3-4lenny8.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 2.6.6-1.
    
    We recommend that you upgrade your pidgin package.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz
        Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8.diff.gz
        Size/MD5 checksum:    72269 0119701838d8ad1cdeac7ce4c91bae65
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8.dsc
        Size/MD5 checksum:     1769 ad33ad23693b546e86e0912e88a4ea12
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny8_all.deb
        Size/MD5 checksum:   278150 84022a327404419ae540f3f3bc427e3b
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny8_all.deb
        Size/MD5 checksum:   133688 16372c01693c7744ff48f411aaaac5a2
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny8_all.deb
        Size/MD5 checksum:  7014900 c2c210652333d77e3573be4a8a699c9b
      http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny8_all.deb
        Size/MD5 checksum:   159954 51bde77053b4ea6e14b1442bf1a1607d
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny8_all.deb
        Size/MD5 checksum:   194580 a7dde485b3f5d3e4893ceb2a22ee47aa
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_alpha.deb
        Size/MD5 checksum:  5315572 1cf0367c5e3881549bac1a4fe45aa5eb
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_alpha.deb
        Size/MD5 checksum:   371260 ba6898cf2c154319bffcc9cd6d4cd4a7
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_alpha.deb
        Size/MD5 checksum:   777478 228be5cdb1f26820e5f5348096f3c3ee
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_alpha.deb
        Size/MD5 checksum:  1719898 c04983751b915ceeef5a2d884edddcfd
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_amd64.deb
        Size/MD5 checksum:  1633712 927a05948c7ea50b4ff1515820495093
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_amd64.deb
        Size/MD5 checksum:   347692 4bea6a2d558defbfc9cf1bee25ec4a4d
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_amd64.deb
        Size/MD5 checksum:   727282 b148a28348d91d43e78b02798893bb6a
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_amd64.deb
        Size/MD5 checksum:  5428234 ab7cc975d13b3abd8faa2498896d8d44
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_arm.deb
        Size/MD5 checksum:  5118248 e2f34bded56a07650f91e119cd739c7b
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_arm.deb
        Size/MD5 checksum:   315658 18a22ae56dab911aa7c8667db51afbc4
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_arm.deb
        Size/MD5 checksum:   655810 200950fcc1f558d92e50fda7f494ea0b
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_arm.deb
        Size/MD5 checksum:  1422998 1e4c635bdba06539a081b1c6f422b1d2
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_armel.deb
        Size/MD5 checksum:  1430694 4c96fa5a80593ddf0c3e4f998173bdcf
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_armel.deb
        Size/MD5 checksum:   667108 330bd6dcb19da7bb1ce21013f035ae32
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_armel.deb
        Size/MD5 checksum:  5152254 6b61008ee4337db73612d4943ed756e6
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_armel.deb
        Size/MD5 checksum:   319130 56c3e97232ceb5fed1688dff1c6b07f2
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_hppa.deb
        Size/MD5 checksum:  5249334 f9380ac4d099646026092869254f36af
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_hppa.deb
        Size/MD5 checksum:   360850 31898206d949ddd8a0645e756700e5e6
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_hppa.deb
        Size/MD5 checksum:   752928 5668adccc2caf428e04b35adad06753a
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_hppa.deb
        Size/MD5 checksum:  1741168 32a16b666040fd28dad3a50cb2508edd
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_i386.deb
        Size/MD5 checksum:  5142098 46afbb8656ef35617b90e5272ff4fb0f
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_i386.deb
        Size/MD5 checksum:   326492 8ffe29c959a8494c2421a0aa2f4f4d32
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_i386.deb
        Size/MD5 checksum:   679860 9588d20c33677a0acfffce3a98c97280
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_i386.deb
        Size/MD5 checksum:  1506712 e324dae1d982241abb5537b719a4831a
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_ia64.deb
        Size/MD5 checksum:  5000868 ae42b44a76ecb3558c5a2e5db5f19e2a
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_ia64.deb
        Size/MD5 checksum:  2087484 b7bc9718fd1ef427eb763a34c34b900b
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_ia64.deb
        Size/MD5 checksum:   435108 aa579727d0272a8fb8968bfa6e4062a7
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_ia64.deb
        Size/MD5 checksum:   948900 9f829afda7629eeca4f38bb043f20676
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_mips.deb
        Size/MD5 checksum:  1304070 c57c7afa0b340b070bc2f54f340549a3
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_mips.deb
        Size/MD5 checksum:   320686 c3a2186b1f6037b7fd66bdef4e47e26b
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_mips.deb
        Size/MD5 checksum:   656496 8b848d690917eab703a60698a3be2e1f
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_mips.deb
        Size/MD5 checksum:  5409338 e7fbcb9776703eb244a79fcb363adbbd
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_mipsel.deb
        Size/MD5 checksum:  1291760 7fb32d3297f440c73e964081860e460e
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_mipsel.deb
        Size/MD5 checksum:   318700 e5baa0a06a8900638e3088b9879b1923
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_mipsel.deb
        Size/MD5 checksum:  5306128 762422060524ce5019abe682005dd273
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_mipsel.deb
        Size/MD5 checksum:   651552 892ac43fc97903793d60239843524bc7
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_powerpc.deb
        Size/MD5 checksum:  1682748 37529f1ef367a5e984aa027c5f270d8b
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_powerpc.deb
        Size/MD5 checksum:   757670 9a9aef7b7215ba897e731e0dc1c2e645
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_powerpc.deb
        Size/MD5 checksum:   362828 f2482932f44d26f9878d1943e24fbb6a
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_powerpc.deb
        Size/MD5 checksum:  5360552 12cef47bcab4db9af3071cb31ce1c4f9
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_s390.deb
        Size/MD5 checksum:  5331892 1de914be4947ec1f1d4e9f029f350480
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_s390.deb
        Size/MD5 checksum:   360378 e9bb6c133cb59909e1418fae60245352
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_s390.deb
        Size/MD5 checksum:   719338 795beea30a9d2d289ebbd9e2ffc0f286
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_s390.deb
        Size/MD5 checksum:  1562530 186ca2624c320ef40cfcf309bd6bcf32
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_sparc.deb
        Size/MD5 checksum:   683482 7e54e2b074c6d6ad4a1fb28a070009f2
      http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_sparc.deb
        Size/MD5 checksum:  4921794 c712395d28b865aab3ede218504c7ae4
      http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_sparc.deb
        Size/MD5 checksum:   329552 591579e595077a26fc6616302723bfe7
      http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_sparc.deb
        Size/MD5 checksum:  1513948 68603d70bc41cb6f300a85ad9b0454df
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"8","type":"x","order":"1","pct":61.54,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":23.08,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":15.38,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.