-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:259 http://www.mandriva.com/security/ _______________________________________________________________________ Package : pidgin Date : December 23, 2010 Affected: 2009.0, 2010.0, 2010.1 _______________________________________________________________________ Problem Description: A null pointer dereference due to receiving a short packet for a direct connection in the MSN code could potentially cause a denial of service. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 This update provides pidgin 2.7.8 that has been patched to address this flaw. _______________________________________________________________________ References: http://pidgin.im/news/security/ _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: c268cfea5df24d94a1fce4ed9e9c8e2b 2009.0/i586/finch-2.7.8-0.2mdv2009.0.i586.rpm 1b83a79a24630273cb0fd6de36063d01 2009.0/i586/libfinch0-2.7.8-0.2mdv2009.0.i586.rpm 5ac73ba5e6b8f422fdd2dc8216112072 2009.0/i586/libpurple0-2.7.8-0.2mdv2009.0.i586.rpm 297f0cdd8b87c5cd4909c3c6fbe1ac31 2009.0/i586/libpurple-devel-2.7.8-0.2mdv2009.0.i586.rpm e57619f18b1e859ee22631c2f393be6b 2009.0/i586/pidgin-2.7.8-0.2mdv2009.0.i586.rpm 0b317674aa0aa78c7b2601ebd66ef886 2009.0/i586/pidgin-bonjour-2.7.8-0.2mdv2009.0.i586.rpm e2e068ed1acc961c256fb5fb3a6bc4a7 2009.0/i586/pidgin-client-2.7.8-0.2mdv2009.0.i586.rpm 409b5693a3d350d54a6b1b07dcfe4e88 2009.0/i586/pidgin-gevolution-2.7.8-0.2mdv2009.0.i586.rpm 64d503c98a0048ecae1f6959e1902c7b 2009.0/i586/pidgin-i18n-2.7.8-0.2mdv2009.0.i586.rpm 2fd2ea0ba84497c5dd778b8a4996a446 2009.0/i586/pidgin-meanwhile-2.7.8-0.2mdv2009.0.i586.rpm 195a0fca668c2cb8b049aa2f878d6b99 2009.0/i586/pidgin-perl-2.7.8-0.2mdv2009.0.i586.rpm eab1d0f42237cb2de2bf0dcdb60c01f5 2009.0/i586/pidgin-plugins-2.7.8-0.2mdv2009.0.i586.rpm df33bb5b86bd903aa82e31b3ae2c7405 2009.0/i586/pidgin-silc-2.7.8-0.2mdv2009.0.i586.rpm 356ff080f65bc0e6dbff9f3292ab35ed 2009.0/i586/pidgin-tcl-2.7.8-0.2mdv2009.0.i586.rpm 6fe3a267b0c994c98252defc0229d73f 2009.0/SRPMS/pidgin-2.7.8-0.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 07cbd9d2d40cb069ea315cb55dc1d5b9 2009.0/x86_64/finch-2.7.8-0.2mdv2009.0.x86_64.rpm 2759f7a76653f15d33e23828041e775d 2009.0/x86_64/lib64finch0-2.7.8-0.2mdv2009.0.x86_64.rpm f120e2602535fdd5736a3f0051d97648 2009.0/x86_64/lib64purple0-2.7.8-0.2mdv2009.0.x86_64.rpm c477958fdb03426af9cd29a7da91373d 2009.0/x86_64/lib64purple-devel-2.7.8-0.2mdv2009.0.x86_64.rpm e7d575b135dc40ffe447e85958e89f0f 2009.0/x86_64/pidgin-2.7.8-0.2mdv2009.0.x86_64.rpm 0ba47012d00f1682c00fd9b87072129e 2009.0/x86_64/pidgin-bonjour-2.7.8-0.2mdv2009.0.x86_64.rpm 55eeaf467e82d003abf5de61b65f5ae0 2009.0/x86_64/pidgin-client-2.7.8-0.2mdv2009.0.x86_64.rpm 4478c7c5301da7fcb78c989eb18d9497 2009.0/x86_64/pidgin-gevolution-2.7.8-0.2mdv2009.0.x86_64.rpm 448777d63afc82270d18b2a99fa5294a 2009.0/x86_64/pidgin-i18n-2.7.8-0.2mdv2009.0.x86_64.rpm 51080c450cb241977de0a5c94564c368 2009.0/x86_64/pidgin-meanwhile-2.7.8-0.2mdv2009.0.x86_64.rpm 7e8cb3ebcd3b71134ee00761766d6407 2009.0/x86_64/pidgin-perl-2.7.8-0.2mdv2009.0.x86_64.rpm 2f06b7d807934fdb4a3ada32e7e1dcc7 2009.0/x86_64/pidgin-plugins-2.7.8-0.2mdv2009.0.x86_64.rpm 123067587dab1f25871be80313bba3c5 2009.0/x86_64/pidgin-silc-2.7.8-0.2mdv2009.0.x86_64.rpm d7d55cb2e4ca769ea94a3a44690bc7d1 2009.0/x86_64/pidgin-tcl-2.7.8-0.2mdv2009.0.x86_64.rpm 6fe3a267b0c994c98252defc0229d73f 2009.0/SRPMS/pidgin-2.7.8-0.2mdv2009.0.src.rpm Mandriva Linux 2010.0: 9c7d51a088df133d4caa4b8059ba821a 2010.0/i586/finch-2.7.8-0.2mdv2010.0.i586.rpm 8dedd9ee7739e0ed384df88f63501412 2010.0/i586/libfinch0-2.7.8-0.2mdv2010.0.i586.rpm f67e74064a653bb9a2812eb78a307cff 2010.0/i586/libpurple0-2.7.8-0.2mdv2010.0.i586.rpm 3483a4e99e028e5b09ea0165b176c037 2010.0/i586/libpurple-devel-2.7.8-0.2mdv2010.0.i586.rpm 5117c80ad19c56b39280f7c3dfdd1872 2010.0/i586/pidgin-2.7.8-0.2mdv2010.0.i586.rpm dc33975bc058eb24168e029967889c5b 2010.0/i586/pidgin-bonjour-2.7.8-0.2mdv2010.0.i586.rpm b9104754d162f03f083da877997c9150 2010.0/i586/pidgin-client-2.7.8-0.2mdv2010.0.i586.rpm 1013da7e359b8cc576ebea1aebbfcce6 2010.0/i586/pidgin-i18n-2.7.8-0.2mdv2010.0.i586.rpm a686ada4efeea86b8bff3b1a861084f3 2010.0/i586/pidgin-meanwhile-2.7.8-0.2mdv2010.0.i586.rpm 361dc60eeeabf18fe147aa636c94c04f 2010.0/i586/pidgin-perl-2.7.8-0.2mdv2010.0.i586.rpm a001335057f3aebd6733378469d58871 2010.0/i586/pidgin-plugins-2.7.8-0.2mdv2010.0.i586.rpm 0cdc172b5dc0b62f0468c4ed00a4141d 2010.0/i586/pidgin-silc-2.7.8-0.2mdv2010.0.i586.rpm 6d09b87891d3b38b4b7a70a6a69261d2 2010.0/i586/pidgin-tcl-2.7.8-0.2mdv2010.0.i586.rpm 87d1c35adea182f5c6fbd187e8815858 2010.0/SRPMS/pidgin-2.7.8-0.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: b40f56b630365c00a97ead18ec967d61 2010.0/x86_64/finch-2.7.8-0.2mdv2010.0.x86_64.rpm e525ea790b597c5cbf604ab2932181d3 2010.0/x86_64/lib64finch0-2.7.8-0.2mdv2010.0.x86_64.rpm 020dcc6b1e591706f3e99834744518f2 2010.0/x86_64/lib64purple0-2.7.8-0.2mdv2010.0.x86_64.rpm b1cedf83cc51349125bd7a2d76989077 2010.0/x86_64/lib64purple-devel-2.7.8-0.2mdv2010.0.x86_64.rpm a18a5c874f8c3b592cfe61d83f6e6e99 2010.0/x86_64/pidgin-2.7.8-0.2mdv2010.0.x86_64.rpm fa88e960d1d7c57702c2210959008b1c 2010.0/x86_64/pidgin-bonjour-2.7.8-0.2mdv2010.0.x86_64.rpm 3286b40bd1d4462856d2b5a34bb0916d 2010.0/x86_64/pidgin-client-2.7.8-0.2mdv2010.0.x86_64.rpm 049edf51e477cb91f384570ab5ff01d3 2010.0/x86_64/pidgin-i18n-2.7.8-0.2mdv2010.0.x86_64.rpm 2b760a08fd10db1ef5411885ee694193 2010.0/x86_64/pidgin-meanwhile-2.7.8-0.2mdv2010.0.x86_64.rpm adf7a8859788c1ca68631b75be60d299 2010.0/x86_64/pidgin-perl-2.7.8-0.2mdv2010.0.x86_64.rpm df51e790321048b97335e725e9c6d7df 2010.0/x86_64/pidgin-plugins-2.7.8-0.2mdv2010.0.x86_64.rpm 829687c6a8d5fa0f760f765343e4c200 2010.0/x86_64/pidgin-silc-2.7.8-0.2mdv2010.0.x86_64.rpm b3502ec93ebd6e958505e63aae5686b1 2010.0/x86_64/pidgin-tcl-2.7.8-0.2mdv2010.0.x86_64.rpm 87d1c35adea182f5c6fbd187e8815858 2010.0/SRPMS/pidgin-2.7.8-0.2mdv2010.0.src.rpm Mandriva Linux 2010.1: 74cb4cf9b5aa4b94a0147d66ac22349d 2010.1/i586/finch-2.7.8-0.2mdv2010.2.i586.rpm f90711256198922fc34e4edba05652d6 2010.1/i586/libfinch0-2.7.8-0.2mdv2010.2.i586.rpm 9379d5da89a47d4eeeeafe59f4c4f4ff 2010.1/i586/libpurple0-2.7.8-0.2mdv2010.2.i586.rpm 34b5a59ee270f2be0cbe260c3707d219 2010.1/i586/libpurple-devel-2.7.8-0.2mdv2010.2.i586.rpm 0b26de9d7b8d39a1a8cf58c759dc3af8 2010.1/i586/pidgin-2.7.8-0.2mdv2010.2.i586.rpm d7bcff42749fe39a4bd89fe4201b1485 2010.1/i586/pidgin-bonjour-2.7.8-0.2mdv2010.2.i586.rpm 2b683a5458cc9e3ae3793079c5df938e 2010.1/i586/pidgin-client-2.7.8-0.2mdv2010.2.i586.rpm f79a2b1ba4eb21995e267ebc2860f341 2010.1/i586/pidgin-i18n-2.7.8-0.2mdv2010.2.i586.rpm 8012ea3e2586f501e4f34c2b9f9e89f2 2010.1/i586/pidgin-meanwhile-2.7.8-0.2mdv2010.2.i586.rpm 769754a61349368f329675f806824ace 2010.1/i586/pidgin-perl-2.7.8-0.2mdv2010.2.i586.rpm 97f2b9be94a0dd401d7ecfcf8eb69fbb 2010.1/i586/pidgin-plugins-2.7.8-0.2mdv2010.2.i586.rpm c91962801f9650181c0283a02b31b21b 2010.1/i586/pidgin-silc-2.7.8-0.2mdv2010.2.i586.rpm 0543ee22ba84e863e6ab99d226484c18 2010.1/i586/pidgin-tcl-2.7.8-0.2mdv2010.2.i586.rpm 9d7f4179011f3aca5b673dbafd2c3468 2010.1/SRPMS/pidgin-2.7.8-0.2mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 117d8a76e2ea3fac0a3cca25bd28bf9b 2010.1/x86_64/finch-2.7.8-0.2mdv2010.2.x86_64.rpm cc024e6b5d6eee9041e90360f55b3b04 2010.1/x86_64/lib64finch0-2.7.8-0.2mdv2010.2.x86_64.rpm e790365c65924586f6c2b643b24952b2 2010.1/x86_64/lib64purple0-2.7.8-0.2mdv2010.2.x86_64.rpm 53c6c2eff7bfbceaec92a8df6b64d30b 2010.1/x86_64/lib64purple-devel-2.7.8-0.2mdv2010.2.x86_64.rpm 00b22964d5b593c6f904902f450ba1ae 2010.1/x86_64/pidgin-2.7.8-0.2mdv2010.2.x86_64.rpm dee39f6e286eb489f117ecaf57ef499e 2010.1/x86_64/pidgin-bonjour-2.7.8-0.2mdv2010.2.x86_64.rpm c8d020fc2e2e05d1a3352963cfa0dc0a 2010.1/x86_64/pidgin-client-2.7.8-0.2mdv2010.2.x86_64.rpm 7fa14a0098feab1c02697c841b3796c2 2010.1/x86_64/pidgin-i18n-2.7.8-0.2mdv2010.2.x86_64.rpm bad46d7ca81d3d46f339bfedeced5348 2010.1/x86_64/pidgin-meanwhile-2.7.8-0.2mdv2010.2.x86_64.rpm d25554d56b875228e4472ef3e23224c4 2010.1/x86_64/pidgin-perl-2.7.8-0.2mdv2010.2.x86_64.rpm bc14015efb24f82dc4a2524a8c64cf21 2010.1/x86_64/pidgin-plugins-2.7.8-0.2mdv2010.2.x86_64.rpm f4e7f1a997442b5ebb7bdb32460cd877 2010.1/x86_64/pidgin-silc-2.7.8-0.2mdv2010.2.x86_64.rpm b97e549eed5ea9019a4c3cc5a79afb51 2010.1/x86_64/pidgin-tcl-2.7.8-0.2mdv2010.2.x86_64.rpm 9d7f4179011f3aca5b673dbafd2c3468 2010.1/SRPMS/pidgin-2.7.8-0.2mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNE32zmqjQ0CJFipgRAp5DAJ4rRDognZZUglx90OtRDadsUugqFACdG1+V xdqR0lhSNp11SBo1zX9I/U4= =iBBx -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/