Pardus alert 2011-111 (pidgin)

From:  Meltem Parmaksız <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-111] pidgin: Multiple Vulnerabilities
Date:  Mon, 5 Sep 2011 14:54:27 +0300
Message-ID:  <201109051454.27926.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-111           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-09-05
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in pidgin.

Description
===========

CVE-2011-3184:

The msn_httpconn_parse_data function in httpconn.c in the MSN protocol
plugin in libpurple in Pidgin before 2.10.0 does not properly handle
HTTP 100 responses, which allows remote attackers to cause a denial of
service (incorrect memory access and application crash) via vectors
involving a crafted server message.

CVE-2011-2943:

The irc_msg_who function in msgs.c in the IRC protocol plugin in
libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly
validate characters in nicknames, which allows user-assisted remote
attackers to cause a denial of service (NULL pointer dereference and
application crash) via a crafted nickname that is not properly handled
in a WHO response.

Affected packages:

  Pardus 2009:
    pidgin, all before 2.10.0-48-22

  Pardus 2011:
    pidgin, all before 2.7.10-48-p11

Resolution
==========

There are update(s) for pidgin. You can update them via Package Manager
or with a single command from console:

  Pardus 2009:
    pisi up pidgin

  Pardus 2011:
    pisi up pidgin

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=19000
  * http://bugs.pardus.org.tr/show_bug.cgi?id=19007

------------------------------------------------------------------------

_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security

