
pidgin: buffer/integer overflows

Package(s): pidgin
CVE #(s): CVE-2009-1373 CVE-2009-1376
Created: May 22, 2009
Updated: January 18, 2010
Description: From the Red Hat advisory:

A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. (CVE-2009-1373)

It was discovered that on 32-bit platforms, the Red Hat Security Advisory RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin client receives a specially-crafted MSN message, it may be possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-1376)

Alerts:
Ubuntu USN-886-1 pidgin 2010-01-18
Mandriva MDVSA-2009:321 pidgin 2009-12-06
Mandriva MDVSA-2009:230 pidgin 2009-09-11
Debian DSA-1870-1 pidgin 2009-08-19
SuSE SUSE-SR:2009:013 memcached, libtiff/libtiff3, nagios, libsndfile, gaim/finch, open-, strong, freeswan, libapr-util1, websphere-as_ce, libxml2 2009-08-11
Mandriva MDVSA-2009:173 pidgin 2009-07-29
Gentoo 200910-02 pidgin 2009-10-22
Mandriva MDVSA-2009:147 pidgin 2009-06-30
Mandriva MDVSA-2009:140 gaim 2009-06-25
Ubuntu USN-781-2 gaim 2009-06-03
Ubuntu USN-781-1 pidgin 2009-06-03
Fedora FEDORA-2009-5583 pidgin 2009-05-28
Fedora FEDORA-2009-5597 pidgin 2009-05-28
Fedora FEDORA-2009-5552 pidgin 2009-05-28
Slackware SSA:2009-146-01 pidgin 2009-05-27
Gentoo 200905-07 pidgin 2009-05-25
Debian DSA-1805-1 pidgin 2009-05-22
CentOS CESA-2009:1060 pidgin 2009-05-22
CentOS CESA-2009:1059 pidgin 2009-05-22
Red Hat RHSA-2009:1060-02 pidgin 2009-05-22
Red Hat RHSA-2009:1059-02 pidgin 2009-05-22
