Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Ubuntu 8.04-9.04: USN-796-1 Critical: Pidgin Remote Crash via ICQ

Calendar Jul 06, 2009 User Avatar LinuxSecurity Advisories
2 - 4 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical software update Ubuntu remote crash pidgin ICQ issue
Yuriy Kaminskiy discovered that Pidgin did not properly handle certain messages in the ICQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. 
==========================================================Ubuntu Security Notice USN-796-1              July 06, 2009
pidgin vulnerability
CVE-2009-1889
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  pidgin                          1:2.4.1-1ubuntu2.5

Ubuntu 8.10:
  pidgin                          1:2.5.2-0ubuntu1.3

Ubuntu 9.04:
  pidgin                          1:2.5.5-1ubuntu8.3

After a standard system upgrade you need to restart Pidgin to effect
the necessary changes.

Details follow:

Yuriy Kaminskiy discovered that Pidgin did not properly handle certain
messages in the ICQ protocol handler. A remote attacker could send a
specially crafted message and cause Pidgin to crash.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

          Size/MD5:    69164 c70f15e2d9925bd9a59b50840bfb7955
          Size/MD5:     1539 721951dceb5f4f14ae2bb4448ad1cac6
          Size/MD5: 13297380 25e3593d5e6bfc17911111475a057778

  Architecture independent packages:

          Size/MD5:    37848 19e50d194b3f88411ecad8fb59ca84ac
          Size/MD5:    92484 8689a019c2ca2b38e15aff511afcb126
          Size/MD5:   234622 57a60ab7b5b8200b1c59664fcaed09ad
          Size/MD5:  1329072 1ccf6543b453ea97c93adeaf3c8cecab
          Size/MD5:    72644 4cf5e0c20fe9d4e45bf5dbfa9a1977db
          Size/MD5:    86650 981f86978bf9d05d0325ca147789ba6a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   226882 19cfa44a561a43bc3fa11428fbafddaa
          Size/MD5:  1604968 fb1664d9db6f4dcb7515cf0621a0e2c2
          Size/MD5:  4432872 e82202e8158bd7fc5e528eff6352e9f1
          Size/MD5:   572092 d745457004a88ace8afe8327919c8366

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   200870 62ba621c0643d3dd4e8a10e7fb627be6
          Size/MD5:  1365264 b8851b1dfcc45e5112379d86a8560b4f
          Size/MD5:  4242726 8d34410391640602f5fbaab114637eea
          Size/MD5:   517136 f27931424aae4d2df6d9276d57778ef4

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   197190 125d9dc936b19fc2e30b63395cc91311
          Size/MD5:  1415410 264502f259c45da978283cd2deed21ff
          Size/MD5:  4372712 4815c0b8f5e5db6a483b9b7b5e90202f
          Size/MD5:   511658 3fe599d6288bcc92b1eaa8df579a7fae

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   237202 c45aea5032ff9e61326243cf29fe58ca
          Size/MD5:  1633736 3c8b4d4c45b28d0726bc6669c1e82e9c
          Size/MD5:  4475886 fde137ce8d58e26fb707478742563802
          Size/MD5:   589636 2f142dc2f8674578f52743bd6db54245

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   212832 e0931b8368e9a5be0edc1dcad7af9cc5
          Size/MD5:  1531968 60665d8ee53ac8f2b83579c6ef120743
          Size/MD5:  4364144 49f051b8a8c85d449e074f43889c6455
          Size/MD5:   545640 dca0481b3b91cac603d926d0b364a075

Updated packages for Ubuntu 8.10:

  Source archives:

          Size/MD5:    61109 89770bcc35af977d3b33c5d4fd432ba1
          Size/MD5:     1995 1e9143dccb487f7a07ff787faf305316
          Size/MD5: 11642659 3ad83133a2381087cbdddf42ba5d6ecf

  Architecture independent packages:

          Size/MD5:    38228 e74e5d5bdd6259248715951152db8960
          Size/MD5:    94990 87c0100cb825079578ff39896e39e5bb
          Size/MD5:   242446 77f527142b4d4ba5de074e24e4c40b8f
          Size/MD5:  1107018 0dbc651de63d442652be3dae6eb60bac
          Size/MD5:  1357364 ffeeba39751c4d846dedd7f68b236111

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   230062 f32d151342bd2936e5737786d84afb4d
          Size/MD5:  1754728 717f54c80158df99362fa15fc7675262
          Size/MD5:  4660546 6803c0dde881db7b106b3157aa4546a6
          Size/MD5:   613972 a4f2911a092fe319c3484d21f8cd23b9

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   204022 5503dd4f172149179c10a7fbf015f644
          Size/MD5:  1503360 98ac05ca1f329a7e6d150973d4309c1c
          Size/MD5:  4464556 2b2830ae442a2916342ef423658d0e55
          Size/MD5:   559586 ae2c916503d04c5443f7e94df2d78fd1

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   200652 4ceb5dad8ace3009147da0c4a9e72a36
          Size/MD5:  1552258 c2d933448089b75d6b183b93623a5fbb
          Size/MD5:  4599392 638b6d2eaead1319f58776241f617580
          Size/MD5:   553784 550a852c80fb57899a429dee2e8ed51a

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   235470 97e13f09b0c1be4ca8460089b3462106
          Size/MD5:  1790468 72432fac2c37bbe8b245b4f49b14accd
          Size/MD5:  4684996 ba2f04783a3055c59b89309f45aaf7cb
          Size/MD5:   619552 e98dedff7d91d7b1e9c36f0d73ad1d24

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   217316 4139672f16928314f6fb1ab4a92649f9
          Size/MD5:  1682752 3660dcc970dc9e6f15cdc4619ffa20a4
          Size/MD5:  4586880 d2931f64f5b78a1d999c80eeb9c82546
          Size/MD5:   590742 9dcb513bb95f1a374de48193b5d38137

Updated packages for Ubuntu 9.04:

  Source archives:

          Size/MD5:   132541 c77f3f90cc45c046f39d530cfa080021
          Size/MD5:     1935 8ace33777a3ffe91d97759bb2c255997
          Size/MD5: 11989031 08d9c0c8dd43dbcec6f67d8ba596029f

  Architecture independent packages:

          Size/MD5:    38440 68fb60c8132a5cc683b5533b16882232
          Size/MD5:    97546 9b9e3becf081a9a1502e6e7c2f369145
          Size/MD5:   245608 da22fe05f8bfd598009949876b375842
          Size/MD5:  1150856 c5b88feffc26cea5f989bb842700983d
          Size/MD5:  1371436 c3e146ca3f2e9b9e3a1e35e159de39fa

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   235088 6313965554f24edae96d269b8ea5743e
          Size/MD5:  1769464 2b2735ffe403873bb9ddec66c7489533
          Size/MD5:  5844998 864aa68cfe5341be94d935e587117790
          Size/MD5:   567412 359558290269a12016cfae47e6d704d1

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   213596 081632a915de7aed83f5329a8e09893e
          Size/MD5:  1552816 fe9ae42391f21c1062c278d5a0947619
          Size/MD5:  5447566 55fa8f1a1cfd84dd68721055b5e3d59c
          Size/MD5:   519330 1ae4aec80e938141ec3cbe35732f75a4

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   212130 6ae6d63272086da03f350d8d8d68a0fd
          Size/MD5:  1613110 d4c1dbe21f394c8296832de692d65cce
          Size/MD5:  5594480 bcafb8cef0b0cece6a67fd00deed226d
          Size/MD5:   518524 bd071ffbeeef67ca7372e1743b29efd1

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   245172 a180211f55d969060d68fdf1546a625f
          Size/MD5:  1825558 bc765d890d566e67f308875a3df0c916
          Size/MD5:  5758770 3caed5b7d90fd31babc1538b8d7a1462
          Size/MD5:   580986 c20fb6fe4d0c39ffb808e741c97e6104

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   214650 5aefec6c79a64ad3660976dd7b4adf97
          Size/MD5:  1640188 baa4c74f1e28da77dfd45516ce158f3d
          Size/MD5:  5292090 20d0c003f0e1977ebe20aaef22b3976f
          Size/MD5:   522162 528d8ae42a85cbf0a56c4ebd9477a8b9

Ubuntu 8.04-9.04: USN-796-1 Critical: Pidgin Remote Crash via ICQ

ubuntu
Calendar Grey July 6, 2009
Dist Ubuntu Esm H88
A distant intruder might leverage a Pidgin vulnerability in Ubuntu, triggering disruptions through specially designed ICQ messages. It's advisable to update.
Yuriy Kaminskiy discovered that Pidgin did not properly handle certain messages in the ICQ protocol handler

Summary

Topics%20covered

Topics Covered

security advisory critical software update Ubuntu remote crash pidgin ICQ issue

Update Instructions

References

Severity
critical
Lowest
Low
Medium
High
Critical

pidgin vulnerability

Topics%20covered

Topics Covered

security advisory critical software update Ubuntu remote crash pidgin ICQ issue

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here