Mandriva Linux Security Advisory 2009-173 - Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows.
2b59c2d42635d453fe9cfa37545cf630aad2deaed3ed8ca7ed76ad685147da46
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:173
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pidgin
Date : July 29, 2009
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Security vulnerabilities has been identified and fixed in pidgin:
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin
(formerly Gaim) before 2.5.6 allows remote authenticated users to
execute arbitrary code via vectors involving an outbound XMPP file
transfer. NOTE: some of these details are obtained from third party
information (CVE-2009-1373).
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim)
before 2.5.6 allows remote attackers to cause a denial of service
(application crash) via a QQ packet (CVE-2009-1374).
The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before
2.5.6 does not properly maintain a certain buffer, which allows
remote attackers to cause a denial of service (memory corruption
and application crash) via vectors involving the (1) XMPP or (2)
Sametime protocol (CVE-2009-1375).
Multiple integer overflows in the msn_slplink_process_msg functions in
the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and
(2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim)
before 2.5.6 on 32-bit platforms allow remote attackers to execute
arbitrary code via a malformed SLP message with a crafted offset
value, leading to buffer overflows. NOTE: this issue exists because
of an incomplete fix for CVE-2008-2927 (CVE-2009-1376).
This update provides pidgin 2.5.8, which is not vulnerable to these
issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376
http://pidgin.im/news/security/
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
8fceb83b3c8d05b8e19c7c6d55f7c8dc mes5/i586/finch-2.5.8-0.2mdvmes5.i586.rpm
087b107937da63fd2f36bacd6893ec14 mes5/i586/libfinch0-2.5.8-0.2mdvmes5.i586.rpm
5965e9790058b2283859f2329dd3f5f5 mes5/i586/libmeanwhile1-1.0.2-2.1mdvmes5.i586.rpm
d09c178fa8e7b23d4217ce8016742ed8 mes5/i586/libmeanwhile1-devel-1.0.2-2.1mdvmes5.i586.rpm
9c5845a75b7663c5b10e5aaee2330dcc mes5/i586/libmeanwhile1-doc-1.0.2-2.1mdvmes5.i586.rpm
fc57a75250ddde1c86486c6444f403a2 mes5/i586/libpurple0-2.5.8-0.2mdvmes5.i586.rpm
4615f81a030de2af18af27a41c039be0 mes5/i586/libpurple-devel-2.5.8-0.2mdvmes5.i586.rpm
650b3c09bfd6e5b07014d763cabcc23e mes5/i586/pidgin-2.5.8-0.2mdvmes5.i586.rpm
dadfa4fd0dce10a72829235f2f9afd27 mes5/i586/pidgin-bonjour-2.5.8-0.2mdvmes5.i586.rpm
cc3e9966e475eebb01003c36f65991dc mes5/i586/pidgin-client-2.5.8-0.2mdvmes5.i586.rpm
01768025392289d917d77f5344258249 mes5/i586/pidgin-gevolution-2.5.8-0.2mdvmes5.i586.rpm
69b9c804c0b1a14c06b64e5a383944ef mes5/i586/pidgin-i18n-2.5.8-0.2mdvmes5.i586.rpm
51ee90ff3b21ff9cf9891104e6c1e6dd mes5/i586/pidgin-meanwhile-2.5.8-0.2mdvmes5.i586.rpm
f8d49efc67bc6914d1fc2404f88e4124 mes5/i586/pidgin-mono-2.5.8-0.2mdvmes5.i586.rpm
bcb84b61b39dc33ed0b5803548b512c0 mes5/i586/pidgin-perl-2.5.8-0.2mdvmes5.i586.rpm
e8f3cd8b45c9d38e4def57d1c3352d36 mes5/i586/pidgin-plugins-2.5.8-0.2mdvmes5.i586.rpm
d2537da945cf826f5974de541c5e7197 mes5/i586/pidgin-silc-2.5.8-0.2mdvmes5.i586.rpm
f29a596d394d9c0a5bf742e83700048a mes5/i586/pidgin-tcl-2.5.8-0.2mdvmes5.i586.rpm
afc32532d57b156a66fb575fc3b23ee5 mes5/SRPMS/meanwhile-1.0.2-2.1mdvmes5.src.rpm
46a06badda4442d8c7bd313371c4319e mes5/SRPMS/pidgin-2.5.8-0.2mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
38fb3a6108e404216b379eaab0920033 mes5/x86_64/finch-2.5.8-0.2mdvmes5.x86_64.rpm
a8697503bc8891855790f30cfbb2bd28 mes5/x86_64/lib64finch0-2.5.8-0.2mdvmes5.x86_64.rpm
b6d59030d2367052f9d7c47c39ef7db5 mes5/x86_64/lib64meanwhile1-1.0.2-2.1mdvmes5.x86_64.rpm
0c4f3335c648f8763418d07f1530695e mes5/x86_64/lib64meanwhile1-devel-1.0.2-2.1mdvmes5.x86_64.rpm
e172b9fda1fd82f2e9548998ab278444 mes5/x86_64/lib64meanwhile1-doc-1.0.2-2.1mdvmes5.x86_64.rpm
b69d53282ed78f9364978a74b27dd5b4 mes5/x86_64/lib64purple0-2.5.8-0.2mdvmes5.x86_64.rpm
721f8e4dc2aae949bcd847bd4f48ae8e mes5/x86_64/lib64purple-devel-2.5.8-0.2mdvmes5.x86_64.rpm
dde2286db18bb676591ee1e5359f328a mes5/x86_64/pidgin-2.5.8-0.2mdvmes5.x86_64.rpm
a5ba4db1a6a3a7ed70cbd26f51996fad mes5/x86_64/pidgin-bonjour-2.5.8-0.2mdvmes5.x86_64.rpm
8540b4360131ccc61a766ffe70accd72 mes5/x86_64/pidgin-client-2.5.8-0.2mdvmes5.x86_64.rpm
e61d2242bb8106e27539d9f2d2805c17 mes5/x86_64/pidgin-gevolution-2.5.8-0.2mdvmes5.x86_64.rpm
4b2f52bacc076f31264e2a501fe609a5 mes5/x86_64/pidgin-i18n-2.5.8-0.2mdvmes5.x86_64.rpm
782c2dae71574c8a21a0d9813bfda424 mes5/x86_64/pidgin-meanwhile-2.5.8-0.2mdvmes5.x86_64.rpm
5b45076bc9438853886c22c79dcda298 mes5/x86_64/pidgin-mono-2.5.8-0.2mdvmes5.x86_64.rpm
4651354914578fc9b7fa930a5134c016 mes5/x86_64/pidgin-perl-2.5.8-0.2mdvmes5.x86_64.rpm
23c753fa429158e4e4589cdfd8e8d0d7 mes5/x86_64/pidgin-plugins-2.5.8-0.2mdvmes5.x86_64.rpm
03db701b5da3f39d8e86aaccf4db25fe mes5/x86_64/pidgin-silc-2.5.8-0.2mdvmes5.x86_64.rpm
1e20f2237f16dda6b90c7621526e0c89 mes5/x86_64/pidgin-tcl-2.5.8-0.2mdvmes5.x86_64.rpm
afc32532d57b156a66fb575fc3b23ee5 mes5/SRPMS/meanwhile-1.0.2-2.1mdvmes5.src.rpm
46a06badda4442d8c7bd313371c4319e mes5/SRPMS/pidgin-2.5.8-0.2mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKb6z2mqjQ0CJFipgRAvszAJ9YTMpiSmEpKtL//ZGzvWHqOPzjmgCgsMpW
A0bUhj6wrTOTJBLJwMLwSPY=
=LiUJ
-----END PGP SIGNATURE-----