Ubuntu alert USN-781-1 (pidgin)
| From: | Marc Deslauriers <marc.deslauriers@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-781-1] Pidgin vulnerabilities | |
| Date: | Wed, 03 Jun 2009 10:20:19 -0400 | |
| Message-ID: | <1244038819.12402.1.camel@mdlinux.technorage.com> | |
| Cc: | full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com | |
| Archive‑link: | Article |
=========================================================== Ubuntu Security Notice USN-781-1 June 03, 2009 pidgin vulnerabilities CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: pidgin 1:2.4.1-1ubuntu2.4 Ubuntu 8.10: pidgin 1:2.5.2-0ubuntu1.2 Ubuntu 9.04: pidgin 1:2.5.5-1ubuntu8.1 After a standard system upgrade you need to restart Pidgin to effect the necessary changes. Details follow: It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373) It was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. (CVE-2009-1374) It was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. (CVE-2009-1375) It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 68347 9be15621e9a9801a31b8ae6e4b82e0db http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 1539 7975b51e7a1d4c996282f51a584e0124 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 13297380 25e3593d5e6bfc17911111475a057778 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finc... Size/MD5: 37846 9c9c3f7775b089058bf603e28bd89240 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libp... Size/MD5: 92352 ed5c3b2560b070733f7385d6a337f155 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libp... Size/MD5: 234514 e3dc4721dcf091410a41e3d9faf807a6 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 1328934 93a62c9f2fd928c3ff1fafca325f3b50 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 72638 8ad1fef0587ccbf626eb44587ba20e16 http://security.ubuntu.com/ubuntu/pool/universe/p/pidgin/... Size/MD5: 86574 82e3c5c4361510f90b6ae8ea1efd15f6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finc... Size/MD5: 226874 aa753567d7edd194332eb2bfa8fd60ff http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libp... Size/MD5: 1604862 dbcc4128429686bfa835d563e6570e26 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 4432628 0b9baad686d3e5e1235c7996d104273a http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 572090 d0bad2b9275b71af32231f5248393d12 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finc... Size/MD5: 200862 da71501bc4468b027e3d00dd03f607aa http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libp... Size/MD5: 1365220 3853002c7d926ae93163c4bb1cead9b2 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 4242680 17ba46fc81a67a4e8daa78a0e24881ca http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 517126 a1728b5ffb4c858df3a3696880ac2866 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.4.1-1u... Size/MD5: 197196 52fba9ae4400e779d792c3fac02afbc5 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.4... Size/MD5: 1415190 725ae9563bb29f71a33e21f51dbafe91 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.4... Size/MD5: 4372348 467c8f22104d8a7510f17720f92849c8 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.4.1-1... Size/MD5: 511654 bc9a49261f7fd4d42e7fcb15f9cf61d8 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.4.1-1u... Size/MD5: 237204 df93dfb31597cb65766e9def9514fbb5 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.4... Size/MD5: 1633562 5923438d1915040c9550ce705aa24212 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.4... Size/MD5: 4475570 d0a2ee70257e289b79529cfe87c375e0 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.4.1-1... Size/MD5: 589648 9807242929f9afb819fc4fdd6285d811 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.4.1-1u... Size/MD5: 212830 3176346be35b75d951a6960c1ac62333 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.4... Size/MD5: 1531840 06b53e84b93d41585eeb2f0ebe572bc7 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.4... Size/MD5: 4363738 0d1d086c4b15c87d0165bfb02ec80e29 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.4.1-1... Size/MD5: 545626 ae8b3edc96a5a578271671652b7f0afd Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 60192 538fa71576474dc52288fcbb6b40581a http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 1995 554c6183486df7af4c9d3929e5f54263 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 11642659 3ad83133a2381087cbdddf42ba5d6ecf Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finc... Size/MD5: 38224 65b54c109e1d8ae04104da36e5806c18 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libp... Size/MD5: 94868 f2f3cc3410268e74487fa16fb3d410ed http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libp... Size/MD5: 242302 4ef3557231e12e7cf34bcb249109034f http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 1106854 5c9bc67c07da0c8e633970d1e9db3f48 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 1357176 ed07a18f8bdc63fa953c74b0c175e50f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finc... Size/MD5: 230066 d4c2dc45b4a32f8f8d6da9f6086af24e http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libp... Size/MD5: 1754456 fe7611e988e8d22a65abbe1301d2965b http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 4660352 66cca2215df947143266932d10af883f http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 613956 adfbc24ab8c5eb3b21bb7f628c61bdce i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finc... Size/MD5: 204004 0e0d344adeda941342d8fb7867668dbf http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libp... Size/MD5: 1503322 8f66c12c95d7c552309ae57dd043a29a http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 4464482 1e3f00d26b6e416bd75bf695ce1e09c0 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 559582 0fb6713e8965f9b9eca4d74eaf7ae7a9 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.2-0u... Size/MD5: 200664 2d974ab524d81fc118471ae19e1c8937 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5... Size/MD5: 1552110 c4f9431b8bdadbec7fb5e408fcd1acfc http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5... Size/MD5: 4599180 d9064f44228e108cb661bd7906ab7386 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.2-0... Size/MD5: 553788 c9f8e5422da2e8e6576f39db4cd2085d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.2-0u... Size/MD5: 235480 d9ee88f9545b7b58db2cd68fe6a8066b http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5... Size/MD5: 1790404 c1b95833f5bb7324267dd5155d950441 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5... Size/MD5: 4684942 acb33467a37ed8f102ebde7054c946d6 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.2-0... Size/MD5: 619564 4bfd7a4e496b8647071846ad0616657a sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.2-0u... Size/MD5: 217318 cdbd481faa314f8ba35f35a475a42795 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5... Size/MD5: 1682664 fab2a1a49a81a68ae6a93616bd570555 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5... Size/MD5: 4586562 d459d38877c2249fc561b77732f9b79e http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.2-0... Size/MD5: 590732 a0fc31cd9e06ba80c350e0a9b7f80c03 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 64524 fee7dadd7a38c04558ab4c09d5f42aa1 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 1932 0fb4cdde59be102a856ab10e00b8e043 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 11989031 08d9c0c8dd43dbcec6f67d8ba596029f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finc... Size/MD5: 38446 aef71d1ba6b6c7e8049e89ccc1bd88bb http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libp... Size/MD5: 97200 049318fbf3c736bf1832dbfd6dedde2c http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libp... Size/MD5: 245162 1726a391577683475060704eb55bdf9a http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 1150574 431c7d4325133491b6e1fa688c4a9242 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 1371370 5e90e70e80ed5e0b7f36695464c5f72a amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finc... Size/MD5: 235086 6d2fce235edeb7a32a7a86c57a71b2ed http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libp... Size/MD5: 1803258 2304c36adbcfc8349a4a3952808a2bb8 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 5845696 c8594eceb93ccb3c6ada5cd1ee230912 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 567404 8a8b1b7a23f63312034a040cb1aa7e63 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finc... Size/MD5: 213598 ab2e38a8d6530963231b39a9829fb2d2 http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libp... Size/MD5: 1587104 90fbc2afe03c377aba029781ff5fe1df http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 5447882 24f1c24b149fb328ccdea99eca1acafa http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidg... Size/MD5: 519328 4de797df556660bbe4c0f6f28e8e11bb lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.5-1u... Size/MD5: 212132 db58cde6f7138b158176b670bc74c119 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5... Size/MD5: 1646866 180f87c414b037c37b0dead0cc0bda72 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5... Size/MD5: 5594786 cd51cab94e155ee1174eee622d4691a3 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.5-1... Size/MD5: 518520 ee049929d1b3a60629ae8a00b6e710f2 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.5-1u... Size/MD5: 245176 613a00f19ae14501f10b350cdb795d12 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5... Size/MD5: 1859288 69a9954613a68b7191c801a61930e4e8 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5... Size/MD5: 5758266 a66bc8ac7ea4f8e8e1e1fb3367f5b25b http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.5-1... Size/MD5: 580976 3dd98008da3a34ab79726ee3efcb9d20 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/pidgin/finch_2.5.5-1u... Size/MD5: 214658 dddd0b9de17382e79c0bf6e497c78676 http://ports.ubuntu.com/pool/main/p/pidgin/libpurple0_2.5... Size/MD5: 1673626 1f462818b9b194368d7451b70a148f07 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin-dbg_2.5... Size/MD5: 5291802 1b1510fb9035637aebb5bce856484c75 http://ports.ubuntu.com/pool/main/p/pidgin/pidgin_2.5.5-1... Size/MD5: 522160 af6ecc55c88eede805e1398e5204bdf3 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...