-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:025 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : pidgin Date : February 11, 2014 Affected: Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been discovered and corrected in pidgin: The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences (CVE-2012-6152). Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message (CVE-2013-6477). gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip (CVE-2013-6478). util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response (CVE-2013-6479). libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read (CVE-2013-6481). Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header (CVE-2013-6482). The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply (CVE-2013-6483). The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error (CVE-2013-6484). Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data (CVE-2013-6485). gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185 (CVE-2013-6486). Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow (CVE-2013-6487). Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow (CVE-2013-6489). The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow (CVE-2013-6490). The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message (CVE-2014-0020). This update provides pidgin 2.10.9, which is not vulnerable to these issues. Additionally a build problem conserning sqlite3 was discovered and fixed, therefore fixed sqlite3 packages is also provided with this advisory. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6486 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020 http://www.pidgin.im/news/security/ _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: d5e069e752c3e17c4da5aa68e0b58861 mes5/i586/finch-2.10.9-0.1mdvmes5.2.i586.rpm 59e74cb9433ce7913641c650902a46ef mes5/i586/lemon-3.7.17-0.2mdvmes5.2.i586.rpm 622382a4c075b1a34e07557893c46e37 mes5/i586/libfinch0-2.10.9-0.1mdvmes5.2.i586.rpm 259cedc6c30b9a1b405a8648965ba698 mes5/i586/libpurple0-2.10.9-0.1mdvmes5.2.i586.rpm 0ab50a1d9b026f40ff1bd1c387365942 mes5/i586/libpurple-devel-2.10.9-0.1mdvmes5.2.i586.rpm d74e7b6d9e51aba8934b35c586b91ad1 mes5/i586/libsqlite3_0-3.7.17-0.2mdvmes5.2.i586.rpm 7e8328f32d8f5a04d467f681bcad63ea mes5/i586/libsqlite3-devel-3.7.17-0.2mdvmes5.2.i586.rpm e4c5573f96eac1d929dd230a7865382b mes5/i586/libsqlite3-static-devel-3.7.17-0.2mdvmes5.2.i586.rpm c04ea89dee22c74eafd9b3024d4ade75 mes5/i586/pidgin-2.10.9-0.1mdvmes5.2.i586.rpm e9b40d036b1a72333b6a3eeee09cccdb mes5/i586/pidgin-bonjour-2.10.9-0.1mdvmes5.2.i586.rpm 19813100aac040610354d571e9cca8bc mes5/i586/pidgin-client-2.10.9-0.1mdvmes5.2.i586.rpm 8136df89bdc4d840c9a54a52b0ed0e63 mes5/i586/pidgin-gevolution-2.10.9-0.1mdvmes5.2.i586.rpm fc2163f93b0ae4ead4c7435fb4f120e6 mes5/i586/pidgin-i18n-2.10.9-0.1mdvmes5.2.i586.rpm 076a516d309c63bf23dd22f50a4784ae mes5/i586/pidgin-meanwhile-2.10.9-0.1mdvmes5.2.i586.rpm 5f97910f07a93533f37b9b85b6ce17c7 mes5/i586/pidgin-perl-2.10.9-0.1mdvmes5.2.i586.rpm 0e253e8be6fe43e608e561dc8aea85e5 mes5/i586/pidgin-plugins-2.10.9-0.1mdvmes5.2.i586.rpm 751f1e9e64876916d4e94d2b98c48305 mes5/i586/pidgin-silc-2.10.9-0.1mdvmes5.2.i586.rpm 0fe038d2e0a1af10101a44c830d962e7 mes5/i586/pidgin-tcl-2.10.9-0.1mdvmes5.2.i586.rpm 8a9c11da3d1b6631c5903bb17ceff35c mes5/i586/sqlite3-tcl-3.7.17-0.2mdvmes5.2.i586.rpm c97a4fad0918784bc99108eae935b3cb mes5/i586/sqlite3-tools-3.7.17-0.2mdvmes5.2.i586.rpm eff3563dfb7c81e0b56bb75b122897d3 mes5/SRPMS/pidgin-2.10.9-0.1mdvmes5.2.src.rpm feb4686f16dd3bf86525874ecac26270 mes5/SRPMS/sqlite3-3.7.17-0.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: c542e6f719b399da75417f97274b21a4 mes5/x86_64/finch-2.10.9-0.1mdvmes5.2.x86_64.rpm dd418736a2897d4cb9057b0de35bc2aa mes5/x86_64/lemon-3.7.17-0.2mdvmes5.2.x86_64.rpm 325a2f54d9a9dab7091ca3db315d9a0d mes5/x86_64/lib64finch0-2.10.9-0.1mdvmes5.2.x86_64.rpm 06ffc4fe6aaff23bfa55b32f1b104553 mes5/x86_64/lib64purple0-2.10.9-0.1mdvmes5.2.x86_64.rpm 95b09c1e20930274cc157b7cbdc1ed30 mes5/x86_64/lib64purple-devel-2.10.9-0.1mdvmes5.2.x86_64.rpm 29400793bb255c219aaf632d2c29992e mes5/x86_64/lib64sqlite3_0-3.7.17-0.2mdvmes5.2.x86_64.rpm 7d50c2c9a0ba8dbb4503d998565c8054 mes5/x86_64/lib64sqlite3-devel-3.7.17-0.2mdvmes5.2.x86_64.rpm 9e4b938ceb9ba6632c6793f8ae742918 mes5/x86_64/lib64sqlite3-static-devel-3.7.17-0.2mdvmes5.2.x86_64.rpm 16fa661249fbe539a5767ba293e954f0 mes5/x86_64/pidgin-2.10.9-0.1mdvmes5.2.x86_64.rpm f2f946951136034027f0975f3ebcf13c mes5/x86_64/pidgin-bonjour-2.10.9-0.1mdvmes5.2.x86_64.rpm 8f69b2e27d0ded87aa76cb595775d744 mes5/x86_64/pidgin-client-2.10.9-0.1mdvmes5.2.x86_64.rpm 7aa49805c62357537de5545f6c4c09b0 mes5/x86_64/pidgin-gevolution-2.10.9-0.1mdvmes5.2.x86_64.rpm d1d9652103f7b2ad47910dc95762d96e mes5/x86_64/pidgin-i18n-2.10.9-0.1mdvmes5.2.x86_64.rpm 17f1f4181d242156357053c51680b44e mes5/x86_64/pidgin-meanwhile-2.10.9-0.1mdvmes5.2.x86_64.rpm b54af0150969364e33e458f33c4ec8f6 mes5/x86_64/pidgin-perl-2.10.9-0.1mdvmes5.2.x86_64.rpm 7466096e476af27c108d24871106704d mes5/x86_64/pidgin-plugins-2.10.9-0.1mdvmes5.2.x86_64.rpm 6df18cb5be0699d8e7972eac6694290c mes5/x86_64/pidgin-silc-2.10.9-0.1mdvmes5.2.x86_64.rpm c27fceeb99785261185d8864204d61e8 mes5/x86_64/pidgin-tcl-2.10.9-0.1mdvmes5.2.x86_64.rpm d05b1b1c334e339acb80c3557fd42cc8 mes5/x86_64/sqlite3-tcl-3.7.17-0.2mdvmes5.2.x86_64.rpm 6b82dedf6e42f809ec943c076dff67f9 mes5/x86_64/sqlite3-tools-3.7.17-0.2mdvmes5.2.x86_64.rpm eff3563dfb7c81e0b56bb75b122897d3 mes5/SRPMS/pidgin-2.10.9-0.1mdvmes5.2.src.rpm feb4686f16dd3bf86525874ecac26270 mes5/SRPMS/sqlite3-3.7.17-0.2mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFS+gm/mqjQ0CJFipgRAglhAJ9pHRmOiX3IS07H90G/CqZQIZi8XwCghvOW vZrdz+M7YegoIowGho3xYXQ= =2vhw -----END PGP SIGNATURE-----