exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Linux Security Advisory 2038-1

Debian Linux Security Advisory 2038-1
Posted Apr 19, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2038-1 - Several remote vulnerabilities have been discovered in Pidgin, a multi protocol instant messaging client.

tags | advisory, remote, vulnerability, protocol
systems | linux, debian
advisories | CVE-2010-0420, CVE-2010-0423
SHA-256 | 1a90132295ee7fe139fe09b55a2bfc10846d8e660b12fc31aa7d62a279d8bf84

Debian Linux Security Advisory 2038-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2038-1 security@debian.org
https://www.debian.org/security/ Thijs Kinkhorst
April 18, 2010 https://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : pidgin
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-0420 CVE-2010-0423
Debian Bug : 566775

Several remote vulnerabilities have been discovered in Pidgin, a multi
protocol instant messaging client. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2010-0420

Crafted nicknames in the XMPP protocol can crash Pidgin remotely.

CVE-2010-0423

Remote contacts may send too many custom smilies, crashing Pidgin.

Since a few months, Microsoft's servers for MSN have changed the protocol,
making Pidgin non-functional for use with MSN. It is not feasible to port
these changes to the version of Pidgin in Debian Lenny. This update
formalises that situation by disabling the protocol in the client. Users
of the MSN protocol are advised to use the version of Pidgin in the
repositories of www.backports.org.

For the stable distribution (lenny), these problems have been fixed in
version 2.4.3-4lenny6.

For the unstable distribution (sid), these problems have been fixed in
version 2.6.6-1.

We recommend that you upgrade your pidgin package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz
Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427
https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6.dsc
Size/MD5 checksum: 1784 f640f8119ef901c7be009232c6dfee05
https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6.diff.gz
Size/MD5 checksum: 72144 85217de41bcd069748eb441886cdfab9

Architecture independent packages:

https://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny6_all.deb
Size/MD5 checksum: 7019074 1c79c0da4c115e2699d577b957c4e541
https://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny6_all.deb
Size/MD5 checksum: 159726 c657bace836fb1d4f3c04c57bdcd7e19
https://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny6_all.deb
Size/MD5 checksum: 133894 49e2b54dcad5a2b40705478118da2d72
https://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny6_all.deb
Size/MD5 checksum: 277220 9517eadf780382575efcd57ba9dc308b
https://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny6_all.deb
Size/MD5 checksum: 193802 b05666d23964d0d28646dc49a85de940

alpha architecture (DEC Alpha)

https://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_alpha.deb
Size/MD5 checksum: 1477324 c6c9e6753f98159748b9e0116bb40df3
https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_alpha.deb
Size/MD5 checksum: 776550 1334935aee6756fdc1b6e1702cabe0b3
https://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_alpha.deb
Size/MD5 checksum: 369734 f54c236b4aa7e94d33da983f042bd82b
https://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_alpha.deb
Size/MD5 checksum: 4952616 ac34a66c4b19a7dd23b1fa0240c07f97

amd64 architecture (AMD x86_64 (AMD64))

https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_amd64.deb
Size/MD5 checksum: 727918 e6447c0efc4f5c490bc806f00840b075
https://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_amd64.deb
Size/MD5 checksum: 1406192 68711767e43c6a0722b8b4d5ed59843a
https://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_amd64.deb
Size/MD5 checksum: 5067988 c430e8ff4e8b13830c71da4f6948a4f6
https://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_amd64.deb
Size/MD5 checksum: 348062 042092eae5df409b1b39ae96a6a5b856

arm architecture (ARM)

https://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_arm.deb
Size/MD5 checksum: 1217972 2b2879660723d31097c9a535e14c177d
https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_arm.deb
Size/MD5 checksum: 657362 27313370246e22f31b6439981062dda7
https://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_arm.deb
Size/MD5 checksum: 316578 36a170a849ca166bcfe9b457f85b9cdb
https://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_arm.deb
Size/MD5 checksum: 4799502 e4689175bb1d17cb942ed50c7d091315

armel architecture (ARM EABI)

https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_armel.deb
Size/MD5 checksum: 668088 714b556255126c810659f203ffb93db1
https://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_armel.deb
Size/MD5 checksum: 1221012 bbcb58abd9f04c1ba2df16bfce74e29c
https://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_armel.deb
Size/MD5 checksum: 319790 b7c9ae4c8cfe107744523c44926375a4
https://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_armel.deb
Size/MD5 checksum: 4821838 ca27cf7101ca23de2ab36cd0c21360d0

hppa architecture (HP PA RISC)

https://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_hppa.deb
Size/MD5 checksum: 1495046 d445e1cb5e3500fc9970b1099ba14227
https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_hppa.deb
Size/MD5 checksum: 754250 64d22a1f7c7b9c920360f325749ab0fe
https://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_hppa.deb
Size/MD5 checksum: 361568 d77edf95828aec4d0347f548e0b0a108
https://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_hppa.deb
Size/MD5 checksum: 4906668 1208501055cffef75023543a72c956ce

i386 architecture (Intel ia32)

https://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_i386.deb
Size/MD5 checksum: 4809696 f6df7ed8178ad450886c4d19284e1c04
https://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_i386.deb
Size/MD5 checksum: 326412 fb3dff6c0627b67e9710630906c770a9
https://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_i386.deb
Size/MD5 checksum: 1290792 b0eaca04079ad13798d350ec18ad41b5
https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_i386.deb
Size/MD5 checksum: 679712 d946170d5d259c120f909285c48294fb

ia64 architecture (Intel ia64)

https://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_ia64.deb
Size/MD5 checksum: 4669414 5273183a49a9b6e334963816871d6ce0
https://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_ia64.deb
Size/MD5 checksum: 434978 e4750a60b59c31a868dd0ebda33c96f2
https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_ia64.deb
Size/MD5 checksum: 948754 2b9ce7e253458ce9f7511ba26ece0b90
https://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_ia64.deb
Size/MD5 checksum: 1789606 a2e654bacaaaef9fece43aaa2e33b420

mips architecture (MIPS (Big Endian))

https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_mips.deb
Size/MD5 checksum: 654450 edbc24d8f35a894a3d301a751d2d8977
https://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_mips.deb
Size/MD5 checksum: 1096044 d88283ec19ea5d867e7d28325744d8fb
https://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_mips.deb
Size/MD5 checksum: 318672 ed52e8ecafb8e410eab3194914b4014d
https://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_mips.deb
Size/MD5 checksum: 5054324 9ddbd413029130c610512f25aa230553

mipsel architecture (MIPS (Little Endian))

https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_mipsel.deb
Size/MD5 checksum: 651410 89e26238fc91f1f75376d29a009cd751
https://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_mipsel.deb
Size/MD5 checksum: 318572 4992c5f4f4bce500db6b3792295ad0c2
https://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_mipsel.deb
Size/MD5 checksum: 4963322 2d397b0c64352a1a1e94534c0d0cf4de
https://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_mipsel.deb
Size/MD5 checksum: 1086788 afb54d1620a692cb6273dbb9e3a67908

powerpc architecture (PowerPC)

https://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_powerpc.deb
Size/MD5 checksum: 5014910 acaaacb4532ae1176e628b23aaae74fe
https://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_powerpc.deb
Size/MD5 checksum: 362722 2824883e0fb35a6b758d89188d0be39d
https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_powerpc.deb
Size/MD5 checksum: 755056 890358f5bc3215a5ab59609d8bd0c1d1
https://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_powerpc.deb
Size/MD5 checksum: 1445264 d5961438dc2a8c4798e815009792fab5

s390 architecture (IBM S/390)

https://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_s390.deb
Size/MD5 checksum: 1326506 9a6b8060e2710587d17477c4b976922a
https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_s390.deb
Size/MD5 checksum: 717976 970f51fbc28082cc53af9ddc1bb183c1
https://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_s390.deb
Size/MD5 checksum: 359214 3eca65b1913b2db015f7d5c75157e5c6
https://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_s390.deb
Size/MD5 checksum: 4977082 e7bfcd7d662c5c41d860baabddac9c37

sparc architecture (Sun SPARC/UltraSPARC)

https://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_sparc.deb
Size/MD5 checksum: 1302702 f550e43bfd0aa9bf89d6768eb2bf3966
https://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_sparc.deb
Size/MD5 checksum: 329408 54fdcf6f005a936007201e8ef5a49e4c
https://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_sparc.deb
Size/MD5 checksum: 4611594 b6124b51dd98dba2e1194295fc46002e
https://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_sparc.deb
Size/MD5 checksum: 683284 f744d4b6e674fff37a0e00c1656db64e


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and https://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJLyykYAAoJECIIoQCMVaAcNicH/RNCxVsf9xTEQsOLyW+ktOY4
tUWY3kGqQfuHF9jds9jQzT97qstepzkn8dFOAetcxUbTP4CenV3bhRoaARpwaUnO
n9Rbziiz6e6zhPED/EpdaBQ4ADjkYiT0/0NL4DTKqFuuGetI9HQ6IInqwQfqB2O2
n+4gyqM3756NMTWfXC6N/uOd33cMnji5tRwk5J8cGCCvky+lYFSIOjaZ6Jff6GJF
b1P6vo6F1FU9jBkKIwuRIVGyEE82neyqZODkU47OsbYvPeKdz/qCoKswhg+3u6/n
24JpDbZFpMyFf8Ypta5ttyfa6fkxX1ZToK9hrNDAYDOI05tT4lBGwmNOHZ8t/XA=
=iYzY
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close