exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 2038-3

Debian Security Advisory 2038-3
Posted Nov 15, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2038-3 - The packages for Pidgin released as DSA 2038-2 had a regression, as they unintentionally disabled the Silc, Simple, and Yahoo instant messaging protocols. This update restore that functionality. Several remote vulnerabilities have been discovered in Pidgin, a multi protocol instant messaging client. Crafted nicknames in the XMPP protocol can crash Pidgin remotely. Remote contacts may send too many custom smilies, crashing Pidgin.

tags | advisory, remote, vulnerability, protocol
systems | linux, debian
advisories | CVE-2010-0420, CVE-2010-0423
SHA-256 | e167ab2c3a9029ef4b4afd8f25fc54a104528ce4117d118636049500e1ac4f42

Debian Security Advisory 2038-3

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2038-3 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
November 13, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : pidgin
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-0420 CVE-2010-0423
Debian Bug : 566775 579601

The packages for Pidgin released as DSA 2038-2 had a regression, as they
unintentionally disabled the Silc, Simple, and Yahoo instant messaging
protocols. This update restore that functionality. For reference the
original advisory text below.

Several remote vulnerabilities have been discovered in Pidgin, a multi
protocol instant messaging client. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2010-0420

Crafted nicknames in the XMPP protocol can crash Pidgin remotely.

CVE-2010-0423

Remote contacts may send too many custom smilies, crashing Pidgin.

Since a few months, Microsoft's servers for MSN have changed the protocol,
making Pidgin non-functional for use with MSN. It is not feasible to port
these changes to the version of Pidgin in Debian Lenny. This update
formalises that situation by disabling the protocol in the client. Users
of the MSN protocol are advised to use the version of Pidgin in the
repositories of www.backports.org.

For the stable distribution (lenny), these problems have been fixed in
version 2.4.3-4lenny8.

For the unstable distribution (sid), these problems have been fixed in
version 2.6.6-1.

We recommend that you upgrade your pidgin package.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz
Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8.diff.gz
Size/MD5 checksum: 72269 0119701838d8ad1cdeac7ce4c91bae65
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8.dsc
Size/MD5 checksum: 1769 ad33ad23693b546e86e0912e88a4ea12

Architecture independent packages:

http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny8_all.deb
Size/MD5 checksum: 278150 84022a327404419ae540f3f3bc427e3b
http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny8_all.deb
Size/MD5 checksum: 133688 16372c01693c7744ff48f411aaaac5a2
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny8_all.deb
Size/MD5 checksum: 7014900 c2c210652333d77e3573be4a8a699c9b
http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny8_all.deb
Size/MD5 checksum: 159954 51bde77053b4ea6e14b1442bf1a1607d
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny8_all.deb
Size/MD5 checksum: 194580 a7dde485b3f5d3e4893ceb2a22ee47aa

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_alpha.deb
Size/MD5 checksum: 5315572 1cf0367c5e3881549bac1a4fe45aa5eb
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_alpha.deb
Size/MD5 checksum: 371260 ba6898cf2c154319bffcc9cd6d4cd4a7
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_alpha.deb
Size/MD5 checksum: 777478 228be5cdb1f26820e5f5348096f3c3ee
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_alpha.deb
Size/MD5 checksum: 1719898 c04983751b915ceeef5a2d884edddcfd

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_amd64.deb
Size/MD5 checksum: 1633712 927a05948c7ea50b4ff1515820495093
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_amd64.deb
Size/MD5 checksum: 347692 4bea6a2d558defbfc9cf1bee25ec4a4d
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_amd64.deb
Size/MD5 checksum: 727282 b148a28348d91d43e78b02798893bb6a
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_amd64.deb
Size/MD5 checksum: 5428234 ab7cc975d13b3abd8faa2498896d8d44

arm architecture (ARM)

http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_arm.deb
Size/MD5 checksum: 5118248 e2f34bded56a07650f91e119cd739c7b
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_arm.deb
Size/MD5 checksum: 315658 18a22ae56dab911aa7c8667db51afbc4
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_arm.deb
Size/MD5 checksum: 655810 200950fcc1f558d92e50fda7f494ea0b
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_arm.deb
Size/MD5 checksum: 1422998 1e4c635bdba06539a081b1c6f422b1d2

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_armel.deb
Size/MD5 checksum: 1430694 4c96fa5a80593ddf0c3e4f998173bdcf
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_armel.deb
Size/MD5 checksum: 667108 330bd6dcb19da7bb1ce21013f035ae32
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_armel.deb
Size/MD5 checksum: 5152254 6b61008ee4337db73612d4943ed756e6
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_armel.deb
Size/MD5 checksum: 319130 56c3e97232ceb5fed1688dff1c6b07f2

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_hppa.deb
Size/MD5 checksum: 5249334 f9380ac4d099646026092869254f36af
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_hppa.deb
Size/MD5 checksum: 360850 31898206d949ddd8a0645e756700e5e6
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_hppa.deb
Size/MD5 checksum: 752928 5668adccc2caf428e04b35adad06753a
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_hppa.deb
Size/MD5 checksum: 1741168 32a16b666040fd28dad3a50cb2508edd

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_i386.deb
Size/MD5 checksum: 5142098 46afbb8656ef35617b90e5272ff4fb0f
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_i386.deb
Size/MD5 checksum: 326492 8ffe29c959a8494c2421a0aa2f4f4d32
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_i386.deb
Size/MD5 checksum: 679860 9588d20c33677a0acfffce3a98c97280
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_i386.deb
Size/MD5 checksum: 1506712 e324dae1d982241abb5537b719a4831a

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_ia64.deb
Size/MD5 checksum: 5000868 ae42b44a76ecb3558c5a2e5db5f19e2a
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_ia64.deb
Size/MD5 checksum: 2087484 b7bc9718fd1ef427eb763a34c34b900b
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_ia64.deb
Size/MD5 checksum: 435108 aa579727d0272a8fb8968bfa6e4062a7
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_ia64.deb
Size/MD5 checksum: 948900 9f829afda7629eeca4f38bb043f20676

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_mips.deb
Size/MD5 checksum: 1304070 c57c7afa0b340b070bc2f54f340549a3
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_mips.deb
Size/MD5 checksum: 320686 c3a2186b1f6037b7fd66bdef4e47e26b
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_mips.deb
Size/MD5 checksum: 656496 8b848d690917eab703a60698a3be2e1f
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_mips.deb
Size/MD5 checksum: 5409338 e7fbcb9776703eb244a79fcb363adbbd

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_mipsel.deb
Size/MD5 checksum: 1291760 7fb32d3297f440c73e964081860e460e
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_mipsel.deb
Size/MD5 checksum: 318700 e5baa0a06a8900638e3088b9879b1923
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_mipsel.deb
Size/MD5 checksum: 5306128 762422060524ce5019abe682005dd273
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_mipsel.deb
Size/MD5 checksum: 651552 892ac43fc97903793d60239843524bc7

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_powerpc.deb
Size/MD5 checksum: 1682748 37529f1ef367a5e984aa027c5f270d8b
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_powerpc.deb
Size/MD5 checksum: 757670 9a9aef7b7215ba897e731e0dc1c2e645
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_powerpc.deb
Size/MD5 checksum: 362828 f2482932f44d26f9878d1943e24fbb6a
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_powerpc.deb
Size/MD5 checksum: 5360552 12cef47bcab4db9af3071cb31ce1c4f9

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_s390.deb
Size/MD5 checksum: 5331892 1de914be4947ec1f1d4e9f029f350480
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_s390.deb
Size/MD5 checksum: 360378 e9bb6c133cb59909e1418fae60245352
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_s390.deb
Size/MD5 checksum: 719338 795beea30a9d2d289ebbd9e2ffc0f286
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_s390.deb
Size/MD5 checksum: 1562530 186ca2624c320ef40cfcf309bd6bcf32

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_sparc.deb
Size/MD5 checksum: 683482 7e54e2b074c6d6ad4a1fb28a070009f2
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_sparc.deb
Size/MD5 checksum: 4921794 c712395d28b865aab3ede218504c7ae4
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_sparc.deb
Size/MD5 checksum: 329552 591579e595077a26fc6616302723bfe7
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_sparc.deb
Size/MD5 checksum: 1513948 68603d70bc41cb6f300a85ad9b0454df


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJM3uYeAAoJEOxfUAG2iX57Td8H/18wfLFH2TALauLI6KWRChGt
OW3gVYr0TgNUDj2NfJHW8bjns5xVrQvySgaQJPHu+4Xp5/5BanIreBT/cThVmC8q
U1urgfwImqun01/rIx/EJTTd+7Buw4AtboQqGoXA1NkhVHdtsRjeR8wTl9cT6/W0
fY8c3NTvShLdPEOYvqA5gaPxR62QPMjT50oTtzkwGNCKcsVMCMiPbeEcHdkA2ihf
0QbOV8MRUCXNFPG5cg270k9kLm6vrwMNLPoyHTCfZZfZ28FrRYG5TjHHYg3Dblo7
q8j/CMkjJI83/rbBfD1AeP9z1YdmxP1+IGlnjI2Zv907bIm1Enp5bE2+fxPchP0=
=ND5l
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close