-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:082
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : May 28, 2012
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in pidgin:

 A series of specially crafted file transfer requests can cause clients
 to reference invalid memory. The user must have accepted one of the
 file transfer requests (CVE-2012-2214).

 Incoming messages with certain characters or character encodings can
 cause clients to crash (CVE-2012-2318).

 This update provides pidgin 2.10.4, which is not vulnerable to these
 issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2214
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2318
 http://www.pidgin.im/news/security/
 http://www.pidgin.im/news/security/?id=62
 http://www.pidgin.im/news/security/?id=63
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPw4OemqjQ0CJFipgRAlkLAJ4s5jNQkDp07qoeBOJnXs5CpjO54QCfec5Z
Puo+VFqX6322lldU1NTlMZk=
=jEk/
-----END PGP SIGNATURE-----