Security: Multiple issues in Pidgin
Name: Multiple issues in Pidgin
ID: MDVSA-2013:025
Distribution: Mandriva
Platforms: Mandriva Enterprise Server 5.0
Date: Thu, 14 March 2013, 14:32
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0274
http://www.pidgin.im/news/security/

Original message

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:025
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : pidgin
Date : March 14, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been discovered and corrected in pidgin:

The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might
allow remote attackers to create or overwrite files via a crafted
(1) mxit or (2) mxit/imagestrips pathname (CVE-2013-0271).

Buffer overflow in http.c in the MXit protocol plugin in libpurple
in Pidgin before 2.10.7 allows remote servers to execute arbitrary
code via a long HTTP header (CVE-2013-0272).

sametime.c in the Sametime protocol plugin in libpurple in Pidgin
before 2.10.7 does not properly terminate long user IDs, which allows
remote servers to cause a denial of service (application crash)
via a crafted packet (CVE-2013-0273).

upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate
long strings in UPnP responses, which allows remote attackers to
cause a denial of service (application crash) by leveraging access
to the local network (CVE-2013-0274).

This update provides pidgin 2.10.7, which is not vulnerable to
these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0274
http://www.pidgin.im/news/security/
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
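
CVE-2013-0273 and CVE-2013-0274 are both described above as a failure to terminate a long string taken from a peer. The following is an added illustration of that bug class beside a hardened copy; it is not code from libpurple or from the advisory, and the buffer size, function names and sample IDs are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define ID_BUF_LEN 16 /* assumed field size, constructed for this example */

/* Flawed: strncpy() adds no terminator when src has >= ID_BUF_LEN bytes. */
static void copy_id_flawed(char *dst, const char *src)
{
    strncpy(dst, src, ID_BUF_LEN);
}

/* Hardened: copy at most ID_BUF_LEN - 1 bytes and always terminate.
 * Returns 1 when the input had to be truncated, so the caller can reject it. */
static int copy_id_hardened(char *dst, const char *src)
{
    size_t n = strlen(src);
    int truncated = n >= ID_BUF_LEN;

    if (truncated)
        n = ID_BUF_LEN - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* Bounded check that never reads past the buffer. */
static int is_terminated(const char *buf)
{
    return memchr(buf, '\0', ID_BUF_LEN) != NULL;
}

/* Copies a constructed ID into a poisoned buffer; returns 1 if terminated. */
static int terminated_after_copy(const char *id, int hardened)
{
    char buf[ID_BUF_LEN];

    memset(buf, 'X', sizeof buf); /* stand-in for stale stack contents */
    if (hardened)
        copy_id_hardened(buf, id);
    else
        copy_id_flawed(buf, id);
    return is_terminated(buf);
}

int main(void)
{
    const char *long_id = "constructed-over-long-user-id@example.test";

    printf("flawed:   terminated=%d\n", terminated_after_copy(long_id, 0));
    printf("hardened: terminated=%d\n", terminated_after_copy(long_id, 1));
    return 0;
}
```

Any later `strlen()`, `printf("%s")` or `strdup()` on the unterminated buffer reads past its end, which is how a missing terminator turns into the application crash the advisory describes.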