Security: Multiple issues in Pidgin
Name: Multiple issues in Pidgin
ID: USN-1273-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04
Date: Mon, 21 November 2011, 22:36
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3594

Original message

==========================================================================
Ubuntu Security Notice USN-1273-1
November 21, 2011

pidgin vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

Pidgin could be made to crash if it received specially crafted network
traffic.

Software Description:
- pidgin: multi-protocol instant messaging client

Details:

Marius Wachtler discovered that Pidgin incorrectly handled malformed YMSG
messages in the Yahoo! protocol handler. A remote attacker could send a
specially crafted message and cause Pidgin to crash, leading to a denial
of service. This issue only affected Ubuntu 10.04 LTS and 10.10.
(CVE-2011-1091)

Marius Wachtler discovered that Pidgin incorrectly handled HTTP 100
responses in the MSN protocol handler. A remote attacker could send a
specially crafted message and cause Pidgin to crash, leading to a denial
of service. (CVE-2011-3184)

Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8
sequences in the SILC protocol handler. A remote attacker could send a
specially crafted message and cause Pidgin to crash, leading to a denial
of service. (CVE-2011-3594)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
pidgin 1:2.7.11-1ubuntu2.1

Ubuntu 10.10:
pidgin 1:2.7.3-1ubuntu3.3

Ubuntu 10.04 LTS:
pidgin 1:2.6.6-1ubuntu4.4

After a standard system update you need to restart Pidgin to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1273-1
CVE-2011-1091, CVE-2011-3184, CVE-2011-3594

Package Information:
https://launchpad.net/ubuntu/+source/pidgin/1:2.7.11-1ubuntu2.1
https://launchpad.net/ubuntu/+source/pidgin/1:2.7.3-1ubuntu3.3
https://launchpad.net/ubuntu/+source/pidgin/1:2.6.6-1ubuntu4.4