exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-025

Mandriva Linux Security Advisory 2009-025
Posted Jan 23, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-025 - The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL certificates. Pidgin 2.4.1 suffers from a denial of service issue. The UPnP functionality in Pidgin 2.0.0 suffers from a denial of service issue and an arbitrary file download vulnerability.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2008-2955, CVE-2008-2957, CVE-2008-3532
SHA-256 | 7c3e00ac8e2df1bc834ced81c5a9f3e08019d886ea3b288d1d0b0c578e40aec0

Mandriva Linux Security Advisory 2009-025

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:025
http://www.mandriva.com/security/
_______________________________________________________________________

Package : pidgin
Date : January 22, 2009
Affected: 2008.1
_______________________________________________________________________

Problem Description:

The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL
certificates, which makes it easier for remote attackers to trick
a user into accepting an invalid server certificate for a spoofed
service. (CVE-2008-3532)

Pidgin 2.4.1 allows remote attackers to cause a denial of service
(crash) via a long filename that contains certain characters, as
demonstrated using an MSN message that triggers the crash in the
msn_slplink_process_msg function. (CVE-2008-2955)

The UPnP functionality in Pidgin 2.0.0, and possibly other versions,
allows remote attackers to trigger the download of arbitrary files
and cause a denial of service (memory or disk consumption) via a UDP
packet that specifies an arbitrary URL. (CVE-2008-2957)

The updated packages have been patched to fix these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3532
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.1:
8d986cf90ce366f40da1ed22f99227e2 2008.1/i586/finch-2.4.1-2.3mdv2008.1.i586.rpm
1591abeaedbde92f9e851fc163ecbc14 2008.1/i586/libfinch0-2.4.1-2.3mdv2008.1.i586.rpm
81b2f07e1a3e82683dd761e913630ae8 2008.1/i586/libpurple0-2.4.1-2.3mdv2008.1.i586.rpm
bc958e4178ea9037b2faef5e46fdc367 2008.1/i586/libpurple-devel-2.4.1-2.3mdv2008.1.i586.rpm
9ad56f8214068aa578c74de4476b6a21 2008.1/i586/pidgin-2.4.1-2.3mdv2008.1.i586.rpm
97e7beb6d69c8cd48427845537cd7092 2008.1/i586/pidgin-bonjour-2.4.1-2.3mdv2008.1.i586.rpm
4bc7839dba2efbe27fb814be39c0e2d3 2008.1/i586/pidgin-client-2.4.1-2.3mdv2008.1.i586.rpm
551a0888b40c5b234f14d9814a9249d2 2008.1/i586/pidgin-gevolution-2.4.1-2.3mdv2008.1.i586.rpm
86ccded472fa0974e1a28be7d559ff4a 2008.1/i586/pidgin-i18n-2.4.1-2.3mdv2008.1.i586.rpm
37869e45dee88264c183faf4f4ad5140 2008.1/i586/pidgin-meanwhile-2.4.1-2.3mdv2008.1.i586.rpm
0c424324da44beb62b61243106fc3599 2008.1/i586/pidgin-mono-2.4.1-2.3mdv2008.1.i586.rpm
c61e9c1cd651abcc805970df7dcae18a 2008.1/i586/pidgin-perl-2.4.1-2.3mdv2008.1.i586.rpm
fbc16077149cff9111bda6ada529ef5f 2008.1/i586/pidgin-silc-2.4.1-2.3mdv2008.1.i586.rpm
f97215d6643336a155e298a404386d7e 2008.1/i586/pidgin-tcl-2.4.1-2.3mdv2008.1.i586.rpm
a7816e51fd0c35798accad228aa67be9 2008.1/SRPMS/pidgin-2.4.1-2.3mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
63ba74e6aeae1f940cdd4b5d6af3128b 2008.1/x86_64/finch-2.4.1-2.3mdv2008.1.x86_64.rpm
c9cbed1c7267fd449e6c26ad8454e438 2008.1/x86_64/lib64finch0-2.4.1-2.3mdv2008.1.x86_64.rpm
739eeb3e632023f89acd9e4baf826590 2008.1/x86_64/lib64purple0-2.4.1-2.3mdv2008.1.x86_64.rpm
e63ce782ee2e8b9e157fa85ccd7f4511 2008.1/x86_64/lib64purple-devel-2.4.1-2.3mdv2008.1.x86_64.rpm
e80d06d3e544b29f406c291a23b005b8 2008.1/x86_64/pidgin-2.4.1-2.3mdv2008.1.x86_64.rpm
5aa3f2383fd83b025efa28bf9b6d817d 2008.1/x86_64/pidgin-bonjour-2.4.1-2.3mdv2008.1.x86_64.rpm
cea0458cbf8fb2e16131e33a7f1e2587 2008.1/x86_64/pidgin-client-2.4.1-2.3mdv2008.1.x86_64.rpm
54327daad8ed2658fe9c9bbe8482f388 2008.1/x86_64/pidgin-gevolution-2.4.1-2.3mdv2008.1.x86_64.rpm
08d375b245f16b41077e6e9baf82c6df 2008.1/x86_64/pidgin-i18n-2.4.1-2.3mdv2008.1.x86_64.rpm
536edfbb015f173dcc09a7c4481b20cd 2008.1/x86_64/pidgin-meanwhile-2.4.1-2.3mdv2008.1.x86_64.rpm
6747c3d56d317d3733bea26a2d18fe9a 2008.1/x86_64/pidgin-mono-2.4.1-2.3mdv2008.1.x86_64.rpm
ae3767379a0ccbcc577d8521fbed8432 2008.1/x86_64/pidgin-perl-2.4.1-2.3mdv2008.1.x86_64.rpm
5e8b1bfd757e596536e0c0fa8f680aea 2008.1/x86_64/pidgin-silc-2.4.1-2.3mdv2008.1.x86_64.rpm
9b2f9b0732f14981423f57454e68b3b1 2008.1/x86_64/pidgin-tcl-2.4.1-2.3mdv2008.1.x86_64.rpm
a7816e51fd0c35798accad228aa67be9 2008.1/SRPMS/pidgin-2.4.1-2.3mdv2008.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJeOvHmqjQ0CJFipgRAraEAJ98EF/sllsypuWtjUk/7wUDNstJPACg85S/
MdDiL87nCpghlEbABOrCLmk=
=wRcj
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close