-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:208
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : October 21, 2010
 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A security vulnerability has been identified and fixed in pidgin:

 It has been discovered that eight denial of service conditions exist
 in libpurple all due to insufficient validation of the return value
 from purple_base64_decode(). Invalid or malformed data received in
 place of a valid base64-encoded value in portions of the Yahoo!,
 MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication
 support trigger a crash. These vulnerabilities can be leveraged by
 a remote user for denial of service (CVE-2010-3711).

 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490

 This update provides pidgin 2.7.4, which is not vulnerable to this
 issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3711
 http://pidgin.im/news/security/
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMwBiXmqjQ0CJFipgRArZLAJ9MkstXEpf0wj8nL8m/aDOLvKKXOwCgtval
x98T648MTl8HJWgM8MyrXD0=
=fx41
-----END PGP SIGNATURE-----
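
 The Problem Description attributes the crashes to callers that did not
 validate what the base64 decoder returned; the sketch below is an added
 example, not libpurple or Mandriva code, showing a caller that rejects
 both a failed decode and a too-short result. demo_base64_decode() and
 parse_msg_type() are hypothetical names, and the stand-in decoder is
 assumed to return NULL on malformed input.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in decoder (hypothetical, not libpurple code): returns a malloc'd
 * buffer and sets *out_len, or NULL when input is not valid padded base64. */
static int b64_val(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

unsigned char *demo_base64_decode(const char *s, size_t *out_len) {
    size_t n = s ? strlen(s) : 0, pad = 0, o = 0;
    *out_len = 0;
    if (n == 0 || n % 4 != 0) return NULL;       /* wrong length: reject */
    if (s[n - 1] == '=') pad++;
    if (s[n - 2] == '=') pad++;
    unsigned char *out = malloc(n / 4 * 3);
    if (!out) return NULL;
    for (size_t i = 0; i < n; i += 4) {
        uint32_t v = 0;
        for (size_t j = 0; j < 4; j++) {
            int d = (i + j >= n - pad) ? 0 : b64_val(s[i + j]);
            if (d < 0) { free(out); return NULL; } /* bad character: reject */
            v = (v << 6) | (uint32_t)d;
        }
        out[o++] = (unsigned char)(v >> 16); out[o++] = (v >> 8) & 0xff; out[o++] = v & 0xff;
    }
    *out_len = o - pad;
    return out;
}

/* Hardened caller: reads a 2-byte big-endian type field from a base64 token
 * taken from the network; returns -1 rather than touching a bad buffer. */
int parse_msg_type(const char *token) {
    size_t len = 0;
    unsigned char *buf = demo_base64_decode(token, &len);
    if (buf == NULL || len < 2) {   /* validate the return value before use */
        free(buf);
        return -1;
    }
    int type = (buf[0] << 8) | buf[1];
    free(buf);
    return type;
}
```

 A caller without the NULL and length test would dereference the failed
 decode result, which is the crash condition the advisory describes.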