
Mandriva Linux Security Advisory 2012-029

Posted Mar 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-029 - The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service by changing a nickname while in an XMPP chat room. The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service via an OIM message that lacks UTF-8 encoding. This update provides pidgin 2.10.2, which is not vulnerable to these issues.

tags | advisory, remote, denial of service, protocol
systems | linux, mandriva
advisories | CVE-2011-4939, CVE-2012-1178
SHA-256 | 37f419c48c8228cd782abfdb04b3b0eab3d820556f4c26443a5a2a7c6987a8ab


_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:029
http://www.mandriva.com/security/
_______________________________________________________________________

Package : pidgin
Date : March 16, 2012
Affected: 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been discovered and corrected in pidgin:

The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin
before 2.10.2 allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) by changing a nickname
while in an XMPP chat room (CVE-2011-4939).

The msn_oim_report_to_user function in oim.c in the MSN protocol
plugin in libpurple in Pidgin before 2.10.2 allows remote servers to
cause a denial of service (application crash) via an OIM message that
lacks UTF-8 encoding (CVE-2012-1178).

This update provides pidgin 2.10.2, which is not vulnerable to
these issues.
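
Both flaws are crashes caused by remotely supplied text reaching display code without validation. The following is an added example, not Pidgin's code or its actual fix: a strict UTF-8 check plus a NULL-safe display gate, where `utf8_is_valid` and `text_for_display` are hypothetical names and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Strict UTF-8 check: rejects truncated sequences, stray continuation
 * bytes, overlong forms, UTF-16 surrogates and values above U+10FFFF. */
static int utf8_is_valid(const unsigned char *s, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char c = s[i];
        size_t need;
        unsigned long cp, min;

        if (c < 0x80) { i++; continue; }                 /* ASCII */
        else if ((c & 0xE0) == 0xC0) { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else return 0;            /* stray continuation or invalid lead byte */

        if (len - i <= need) return 0;                   /* truncated sequence */
        for (size_t k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;     /* not a continuation */
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return 0;                                    /* overlong or out of range */
        i += need + 1;
    }
    return 1;
}

/* Hypothetical gate in front of UI code: never passes on NULL or
 * non-UTF-8 bytes received from a remote peer or server. */
static const char *text_for_display(const char *untrusted)
{
    if (untrusted == NULL)
        return "(no text)";
    if (!utf8_is_valid((const unsigned char *)untrusted, strlen(untrusted)))
        return "(message not valid UTF-8)";
    return untrusted;
}

int main(void)
{
    /* Constructed samples: valid UTF-8, a Latin-1 encoded string, and NULL. */
    const char *samples[] = { "caf\xC3\xA9", "caf\xE9", NULL };
    for (size_t n = 0; n < 3; n++)
        puts(text_for_display(samples[n]));
    return 0;
}
```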
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1178
http://www.pidgin.im/news/security/
http://pidgin.im/news/security/?id=60
http://pidgin.im/news/security/?id=61
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:

Mandriva Linux 2011/X86_64:

Mandriva Enterprise Server 5:

Mandriva Enterprise Server 5/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>