[Full-disclosure] [ MDVSA-2012:082 ] pidgin



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:082
http://www.mandriva.com/security/
_______________________________________________________________________

Package : pidgin
Date : May 28, 2012
Affected: 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been discovered and corrected in pidgin:

A series of specially crafted file transfer requests can cause clients
to reference invalid memory. The user must have accepted one of the
file transfer requests (CVE-2012-2214).

Incoming messages with certain characters or character encodings can
cause clients to crash (CVE-2012-2318).

This update provides pidgin 2.10.4, which is not vulnerable to
these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2318
http://www.pidgin.im/news/security/
http://www.pidgin.im/news/security/?id=62
http://www.pidgin.im/news/security/?id=63
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:

Mandriva Linux 2011/X86_64:

Mandriva Enterprise Server 5:

Mandriva Enterprise Server 5/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPw4OemqjQ0CJFipgRAlkLAJ4s5jNQkDp07qoeBOJnXs5CpjO54QCfec5Z
Puo+VFqX6322lldU1NTlMZk=
=jEk/
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/