Login
Newsletter
Werbung
Sicherheit: Denial of Service in Pidgin
Aktuelle Meldungen Distributionen
Name: Denial of Service in Pidgin
ID: MDVSA-2011:050
Distribution: Mandriva
Plattformen: Mandriva 2009.0, Mandriva Enterprise Server 5.0, Mandriva 2010.0, Mandriva 2010.1
Datum: Mo, 21. März 2011, 15:18
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1091
http://pidgin.im/news/security/
http://www.pidgin.im/news/security/?id=50
Applikationen: Pidgin

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1300713667-3372-68

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:050
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : March 21, 2011
 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been identified and fixed in pidgin:
 
 It was discovered that libpurple versions prior to 2.7.10 do not
 properly clear certain data structures used in libpurple/cipher.c
 prior to freeing. An attacker could potentially extract partial
 information from memory regions freed by libpurple.
 
 The Yahoo protocol plugin in libpurple versions 2.6.0 through 2.7.10
 do not properly handle malformed YMSG packets, leading to NULL pointer
 dereferences and application crash (CVE-2011-1091).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 This update provides pidgin 2.7.11, which is not vulnerable to
 these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1091
 http://pidgin.im/news/security/
 http://www.pidgin.im/news/security/?id=50
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 02272c0ea45399b7de8c5ad91769ccaf 
 2009.0/i586/finch-2.7.11-0.2mdv2009.0.i586.rpm
 a56eb1e6da24916ddfd63c1538aaf0bc 
 2009.0/i586/libfinch0-2.7.11-0.2mdv2009.0.i586.rpm
 b4ea5510c4d97b27067f24d9c96e1212 
 2009.0/i586/libpurple0-2.7.11-0.2mdv2009.0.i586.rpm
 f77ab49a70a4f5db1b24cfa795ee5eb9 
 2009.0/i586/libpurple-devel-2.7.11-0.2mdv2009.0.i586.rpm
 f0b2306c0998d4b09a983e663c786193 
 2009.0/i586/pidgin-2.7.11-0.2mdv2009.0.i586.rpm
 f2789d7667315b04d15db7e3b5197158 
 2009.0/i586/pidgin-bonjour-2.7.11-0.2mdv2009.0.i586.rpm
 12930ae763926350b49c6b34c83193d2 
 2009.0/i586/pidgin-client-2.7.11-0.2mdv2009.0.i586.rpm
 13626e83a07a7b9326c9ce4e4e815a38 
 2009.0/i586/pidgin-gevolution-2.7.11-0.2mdv2009.0.i586.rpm
 4b6aa19ce16ef38993f8a9e31d516841 
 2009.0/i586/pidgin-i18n-2.7.11-0.2mdv2009.0.i586.rpm
 c6cbde47277d8b8e0bb41ee287498def 
 2009.0/i586/pidgin-meanwhile-2.7.11-0.2mdv2009.0.i586.rpm
 55de9d811460b4425ec33ee5cb5e9ada 
 2009.0/i586/pidgin-perl-2.7.11-0.2mdv2009.0.i586.rpm
 85d7cfca3d002b0e104ebe63c7707e86 
 2009.0/i586/pidgin-plugins-2.7.11-0.2mdv2009.0.i586.rpm
 46523f4fc58ee90f81d114ceac2c3194 
 2009.0/i586/pidgin-silc-2.7.11-0.2mdv2009.0.i586.rpm
 13434680dc34880f9cacbb8433c6068d 
 2009.0/i586/pidgin-tcl-2.7.11-0.2mdv2009.0.i586.rpm 
 482d48fd33b0456e45fdc967065b034f 
 2009.0/SRPMS/pidgin-2.7.11-0.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 5526e0654879e71c6067cf50d4eccff2 
 2009.0/x86_64/finch-2.7.11-0.2mdv2009.0.x86_64.rpm
 305546197e6a9f2d183726ebc7f5f03c 
 2009.0/x86_64/lib64finch0-2.7.11-0.2mdv2009.0.x86_64.rpm
 4026ea992e4e581621e9385dd33fec66 
 2009.0/x86_64/lib64purple0-2.7.11-0.2mdv2009.0.x86_64.rpm
 d30572d27b4dadb1078bf5481840c0db 
 2009.0/x86_64/lib64purple-devel-2.7.11-0.2mdv2009.0.x86_64.rpm
 e010842b726c6678f9e80511deb82f56 
 2009.0/x86_64/pidgin-2.7.11-0.2mdv2009.0.x86_64.rpm
 730ca0d8a3a8c88a128628237c29ce98 
 2009.0/x86_64/pidgin-bonjour-2.7.11-0.2mdv2009.0.x86_64.rpm
 91419b735a9179fa1e375a4b423ddbd9 
 2009.0/x86_64/pidgin-client-2.7.11-0.2mdv2009.0.x86_64.rpm
 15ffd7a64f98234b8630385195a8d8ca 
 2009.0/x86_64/pidgin-gevolution-2.7.11-0.2mdv2009.0.x86_64.rpm
 918fddb097cc3eb188de6d7f03c860c8 
 2009.0/x86_64/pidgin-i18n-2.7.11-0.2mdv2009.0.x86_64.rpm
 014c5daf75ca00977a2fd579cf39cda5 
 2009.0/x86_64/pidgin-meanwhile-2.7.11-0.2mdv2009.0.x86_64.rpm
 cd78ed435f6776883b519b74201c29b5 
 2009.0/x86_64/pidgin-perl-2.7.11-0.2mdv2009.0.x86_64.rpm
 b8fd7f1371113f9cef6c9baeaf239279 
 2009.0/x86_64/pidgin-plugins-2.7.11-0.2mdv2009.0.x86_64.rpm
 5502d8887ec65246ee16ba9bf2bdd859 
 2009.0/x86_64/pidgin-silc-2.7.11-0.2mdv2009.0.x86_64.rpm
 a043ab0eaba8238e93975ace64445553 
 2009.0/x86_64/pidgin-tcl-2.7.11-0.2mdv2009.0.x86_64.rpm 
 482d48fd33b0456e45fdc967065b034f 
 2009.0/SRPMS/pidgin-2.7.11-0.2mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 cd089b274f9f2c508ea71a9860a7e81e 
 2010.0/i586/finch-2.7.11-0.2mdv2010.0.i586.rpm
 92bdd3dd221dff87594c9ddea7ccae2a 
 2010.0/i586/libfinch0-2.7.11-0.2mdv2010.0.i586.rpm
 7ec9bea4f87d573c7ac621b0d1bb9a7c 
 2010.0/i586/libpurple0-2.7.11-0.2mdv2010.0.i586.rpm
 068ec31247de3cc5efd609bde8288f45 
 2010.0/i586/libpurple-devel-2.7.11-0.2mdv2010.0.i586.rpm
 e3f6770ecbeeb66a3a5b6c5d09246e97 
 2010.0/i586/pidgin-2.7.11-0.2mdv2010.0.i586.rpm
 0f3ddb35b183e5a0949658e2a9d878a8 
 2010.0/i586/pidgin-bonjour-2.7.11-0.2mdv2010.0.i586.rpm
 91366f3dacb3a561827fb92f30818bcf 
 2010.0/i586/pidgin-client-2.7.11-0.2mdv2010.0.i586.rpm
 aff60bb8589a47af9461eb9e4fe535ac 
 2010.0/i586/pidgin-i18n-2.7.11-0.2mdv2010.0.i586.rpm
 e5af4a521b468eb817810c64db1f9dbf 
 2010.0/i586/pidgin-meanwhile-2.7.11-0.2mdv2010.0.i586.rpm
 34b76b56c4d152b539b0192adaf23455 
 2010.0/i586/pidgin-perl-2.7.11-0.2mdv2010.0.i586.rpm
 30969dc21c07afee4c5f739910c7a364 
 2010.0/i586/pidgin-plugins-2.7.11-0.2mdv2010.0.i586.rpm
 82a223a52e764f710303493250497bd2 
 2010.0/i586/pidgin-silc-2.7.11-0.2mdv2010.0.i586.rpm
 1cba7023d19e7a2f60ee0da45d0a25d2 
 2010.0/i586/pidgin-tcl-2.7.11-0.2mdv2010.0.i586.rpm 
 b6824de47afccf4609f12e5c965fc1fa 
 2010.0/SRPMS/pidgin-2.7.11-0.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 7e15a3c3a6dde1b54ac450115107f28b 
 2010.0/x86_64/finch-2.7.11-0.2mdv2010.0.x86_64.rpm
 a4b3c4e56428541207a12d081221670a 
 2010.0/x86_64/lib64finch0-2.7.11-0.2mdv2010.0.x86_64.rpm
 bd22a826db8b32f6bfb6f4b8eb1d4344 
 2010.0/x86_64/lib64purple0-2.7.11-0.2mdv2010.0.x86_64.rpm
 deb65f4089d881b15d9dd52c9e63f051 
 2010.0/x86_64/lib64purple-devel-2.7.11-0.2mdv2010.0.x86_64.rpm
 beed87ce786c88aebf8f7d42b46510bc 
 2010.0/x86_64/pidgin-2.7.11-0.2mdv2010.0.x86_64.rpm
 fc7e641651b961bc1a0556fedc6ce0d7 
 2010.0/x86_64/pidgin-bonjour-2.7.11-0.2mdv2010.0.x86_64.rpm
 0abe6b7652766dc424c0af5cd512228c 
 2010.0/x86_64/pidgin-client-2.7.11-0.2mdv2010.0.x86_64.rpm
 3c02e69fcc4dde4e519f445453b561d3 
 2010.0/x86_64/pidgin-i18n-2.7.11-0.2mdv2010.0.x86_64.rpm
 bce8a3dd6ee27ca6473645b099f9c937 
 2010.0/x86_64/pidgin-meanwhile-2.7.11-0.2mdv2010.0.x86_64.rpm
 853565b529225e2134fc577867076934 
 2010.0/x86_64/pidgin-perl-2.7.11-0.2mdv2010.0.x86_64.rpm
 3c43bb7945fd920fbb598656945e61c6 
 2010.0/x86_64/pidgin-plugins-2.7.11-0.2mdv2010.0.x86_64.rpm
 2490e01d78f54daa02bfad01a73c62b7 
 2010.0/x86_64/pidgin-silc-2.7.11-0.2mdv2010.0.x86_64.rpm
 9f7b53d3e7bb3f763dcafd7ea5bc6a33 
 2010.0/x86_64/pidgin-tcl-2.7.11-0.2mdv2010.0.x86_64.rpm 
 b6824de47afccf4609f12e5c965fc1fa 
 2010.0/SRPMS/pidgin-2.7.11-0.2mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 026808d321db13dd3959c09c0870291d 
 2010.1/i586/finch-2.7.11-0.2mdv2010.2.i586.rpm
 6795337877c16953af8778ea7409cc02 
 2010.1/i586/libfinch0-2.7.11-0.2mdv2010.2.i586.rpm
 acaf6ea2525b497c01c3ab0dd8d676f7 
 2010.1/i586/libpurple0-2.7.11-0.2mdv2010.2.i586.rpm
 6a6ab92f284d8e94f9e6cfb0f7e75ce8 
 2010.1/i586/libpurple-devel-2.7.11-0.2mdv2010.2.i586.rpm
 6dbc69766a51468948eb0a0de3ca0c65 
 2010.1/i586/pidgin-2.7.11-0.2mdv2010.2.i586.rpm
 1845aed0441b7e537c49bfee5a811ee7 
 2010.1/i586/pidgin-bonjour-2.7.11-0.2mdv2010.2.i586.rpm
 ac8a5dad1500407a72184a430529c40f 
 2010.1/i586/pidgin-client-2.7.11-0.2mdv2010.2.i586.rpm
 3de3eb03e4a03b32a52a0224704721a1 
 2010.1/i586/pidgin-i18n-2.7.11-0.2mdv2010.2.i586.rpm
 ea2f55af7216565c6fc1e5361db0ce69 
 2010.1/i586/pidgin-meanwhile-2.7.11-0.2mdv2010.2.i586.rpm
 f416adfcef2ecf72317176c63e6ef5e3 
 2010.1/i586/pidgin-perl-2.7.11-0.2mdv2010.2.i586.rpm
 f1d484f54c41419aedca7f9b1a436a2e 
 2010.1/i586/pidgin-plugins-2.7.11-0.2mdv2010.2.i586.rpm
 d28959266d5b38c90d63077f02ed1298 
 2010.1/i586/pidgin-silc-2.7.11-0.2mdv2010.2.i586.rpm
 2e9b442b87c031ab8155a8df52f9793c 
 2010.1/i586/pidgin-tcl-2.7.11-0.2mdv2010.2.i586.rpm 
 930ca1a55c447105e1288c6a45f53161 
 2010.1/SRPMS/pidgin-2.7.11-0.2mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 a75bf57617d370a7c9c9ad36ca71db39 
 2010.1/x86_64/finch-2.7.11-0.2mdv2010.2.x86_64.rpm
 09df970f28dc2d3d5674750c1f9836d6 
 2010.1/x86_64/lib64finch0-2.7.11-0.2mdv2010.2.x86_64.rpm
 96cbaaa67c894d9812cdbac93472c103 
 2010.1/x86_64/lib64purple0-2.7.11-0.2mdv2010.2.x86_64.rpm
 2fe0b3e647fdffb778e404f26cfb6489 
 2010.1/x86_64/lib64purple-devel-2.7.11-0.2mdv2010.2.x86_64.rpm
 0e662738d89dd37b8b1ef1e757e5e618 
 2010.1/x86_64/pidgin-2.7.11-0.2mdv2010.2.x86_64.rpm
 87677f66c63f6a6bdb1f861dc4a344ed 
 2010.1/x86_64/pidgin-bonjour-2.7.11-0.2mdv2010.2.x86_64.rpm
 073fab54248329d6bf32384a66dd45a6 
 2010.1/x86_64/pidgin-client-2.7.11-0.2mdv2010.2.x86_64.rpm
 ba6f0cd87136a0bbb28bea0e042fbdc0 
 2010.1/x86_64/pidgin-i18n-2.7.11-0.2mdv2010.2.x86_64.rpm
 3631bd926ab388282cc26f1aa84558c3 
 2010.1/x86_64/pidgin-meanwhile-2.7.11-0.2mdv2010.2.x86_64.rpm
 f8a431960b83b9d850d95d33782d9a0e 
 2010.1/x86_64/pidgin-perl-2.7.11-0.2mdv2010.2.x86_64.rpm
 2cb185bfa3d598610c157e3b9b27ad75 
 2010.1/x86_64/pidgin-plugins-2.7.11-0.2mdv2010.2.x86_64.rpm
 ec043019418e5f9baf3280195259aeb5 
 2010.1/x86_64/pidgin-silc-2.7.11-0.2mdv2010.2.x86_64.rpm
 bb8c246dccb0edf2915e3ec752af1cc4 
 2010.1/x86_64/pidgin-tcl-2.7.11-0.2mdv2010.2.x86_64.rpm 
 930ca1a55c447105e1288c6a45f53161 
 2010.1/SRPMS/pidgin-2.7.11-0.2mdv2010.2.src.rpm

 Mandriva Enterprise Server 5:
 1e3ad1b92aaf9b058a8e42fc7e3f318c  mes5/i586/finch-2.7.11-0.2mdvmes5.2.i586.rpm
 7ba1e7c867fe14f93f75da870148b0cd 
 mes5/i586/libfinch0-2.7.11-0.2mdvmes5.2.i586.rpm
 61371efd06e2578fec9735767a3c535b 
 mes5/i586/libpurple0-2.7.11-0.2mdvmes5.2.i586.rpm
 cbd6e53d3bef5c96ac19f255ddd34539 
 mes5/i586/libpurple-devel-2.7.11-0.2mdvmes5.2.i586.rpm
 4c48c636da767806d036de1d50670cee 
 mes5/i586/pidgin-2.7.11-0.2mdvmes5.2.i586.rpm
 5da5bfa0f6ac6f57ec7e8b4760800ca9 
 mes5/i586/pidgin-bonjour-2.7.11-0.2mdvmes5.2.i586.rpm
 77ac8a8a4515c9856b22e822b59936d0 
 mes5/i586/pidgin-client-2.7.11-0.2mdvmes5.2.i586.rpm
 71b95113f643294a45a4915250c7f3dc 
 mes5/i586/pidgin-gevolution-2.7.11-0.2mdvmes5.2.i586.rpm
 5b4d95d26d978a07b21478500cf1d843 
 mes5/i586/pidgin-i18n-2.7.11-0.2mdvmes5.2.i586.rpm
 aa03169b88348e19b3392e9ac1db9321 
 mes5/i586/pidgin-meanwhile-2.7.11-0.2mdvmes5.2.i586.rpm
 60aa33eda063d596568dc1285ed02ffa 
 mes5/i586/pidgin-perl-2.7.11-0.2mdvmes5.2.i586.rpm
 99d79def857a8540f20c5b9d3f9af4f3 
 mes5/i586/pidgin-plugins-2.7.11-0.2mdvmes5.2.i586.rpm
 ecd19053f387e7d2c9c311bba1ce0345 
 mes5/i586/pidgin-silc-2.7.11-0.2mdvmes5.2.i586.rpm
 e46a2af4b4b483422b1444a400c4326f 
 mes5/i586/pidgin-tcl-2.7.11-0.2mdvmes5.2.i586.rpm 
 519a5739ec90348e9c0c913db00a1bda 
 mes5/SRPMS/pidgin-2.7.11-0.2mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 efad2e14e43adaf9a603476cd0cb96c7 
 mes5/x86_64/finch-2.7.11-0.2mdvmes5.2.x86_64.rpm
 9ecf9785b1cf3559c9e4eb574d741e1a 
 mes5/x86_64/lib64finch0-2.7.11-0.2mdvmes5.2.x86_64.rpm
 c7b753e051fcab5f10f326b6258fa5cb 
 mes5/x86_64/lib64purple0-2.7.11-0.2mdvmes5.2.x86_64.rpm
 f8f1f05027272163e7bf89a9bbf6c729 
 mes5/x86_64/lib64purple-devel-2.7.11-0.2mdvmes5.2.x86_64.rpm
 047b794605866b547b73c0c39a1a1cdc 
 mes5/x86_64/pidgin-2.7.11-0.2mdvmes5.2.x86_64.rpm
 02c72f23542a310c733e3d34055e77d5 
 mes5/x86_64/pidgin-bonjour-2.7.11-0.2mdvmes5.2.x86_64.rpm
 edf63c606244670e52c5c411d0e05079 
 mes5/x86_64/pidgin-client-2.7.11-0.2mdvmes5.2.x86_64.rpm
 9c24cd7e741f360acd336dafa211c48a 
 mes5/x86_64/pidgin-gevolution-2.7.11-0.2mdvmes5.2.x86_64.rpm
 353e1b7c0bd2e0e3ce828886260d8059 
 mes5/x86_64/pidgin-i18n-2.7.11-0.2mdvmes5.2.x86_64.rpm
 885bba4bcf04a03b350d24f2e24d03cc 
 mes5/x86_64/pidgin-meanwhile-2.7.11-0.2mdvmes5.2.x86_64.rpm
 8c5c057d080404a6f44d8e5b0bada975 
 mes5/x86_64/pidgin-perl-2.7.11-0.2mdvmes5.2.x86_64.rpm
 da1430c5131cf10fca52ce5c810b1da4 
 mes5/x86_64/pidgin-plugins-2.7.11-0.2mdvmes5.2.x86_64.rpm
 176c13d9a1d4556cf507fbdc8cb2e9bc 
 mes5/x86_64/pidgin-silc-2.7.11-0.2mdvmes5.2.x86_64.rpm
 a2d085db784fe652c82a07bf3fa2408b 
 mes5/x86_64/pidgin-tcl-2.7.11-0.2mdvmes5.2.x86_64.rpm 
 519a5739ec90348e9c0c913db00a1bda 
 mes5/SRPMS/pidgin-2.7.11-0.2mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNhyAhmqjQ0CJFipgRAm2MAKDTsiKn05AyvmkhUMuBytCviBXGXACdGCPR
Y2w+ZPLVesVZe5ZLOxPekm0=
=aJu8
-----END PGP SIGNATURE-----


------------=_1300713667-3372-68
Content-Type: text/plain; charset="UTF-8";
 name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1300713667-3372-68--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung