Mandriva Linux Security Advisory 2010-085 - The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for ICQ and possibly AIM, as demonstrated by the SIM IM client. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. Other issues have also been identified.
209643718e8208dbef837eae2a003ecf460b9808598317b3e97888b1d0d1d215
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:085
https://www.mandriva.com/security/
_______________________________________________________________________
Package : pidgin
Date : April 28, 2010
Affected: 2009.0
_______________________________________________________________________
Problem Description:
Security vulnerabilities has been identified and fixed in pidgin:
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium
before 1.3.7 allows remote attackers to cause a denial of service
(application crash) via crafted contact-list data for (1) ICQ and
possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615).
Directory traversal vulnerability in slp.c in the MSN protocol
plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows
remote attackers to read arbitrary files via a .. (dot dot) in an
application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request,
a related issue to CVE-2004-0122. NOTE: it could be argued that
this is resultant from a vulnerability in which an emoticon download
request is processed even without a preceding text/x-mms-emoticon
message that announced availability of the emoticon (CVE-2010-0013).
Directory traversal vulnerability in slp.c in the MSN protocol
plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows
remote attackers to read arbitrary files via a .. (dot dot) in an
application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request,
a related issue to CVE-2004-0122. NOTE: it could be argued that
this is resultant from a vulnerability in which an emoticon download
request is processed even without a preceding text/x-mms-emoticon
message that announced availability of the emoticon (CVE-2010-0013).
Certain malformed SLP messages can trigger a crash because the MSN
protocol plugin fails to check that all pieces of the message are
set correctly (CVE-2010-0277).
In a user in a multi-user chat room has a nickname containing '<br>'
then libpurple ends up having two users with username ' ' in the room,
and Finch crashes in this situation. We do not believe there is a
possibility of remote code execution (CVE-2010-0420).
oCERT notified us about a problem in Pidgin, where a large amount of
processing time will be used when inserting many smileys into an IM
or chat window. This should not cause a crash, but Pidgin can become
unusable slow (CVE-2010-0423).
Packages for 2009.0 are provided due to the Extended Maintenance
Program.
This update provides pidgin 2.6.6, which is not vulnerable to these
issues.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423
https://pidgin.im/news/security/
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
ff6ea030872577e6b0554d9ad92a396a 2009.0/i586/finch-2.6.6-0.1mdv2009.0.i586.rpm
af78075de6309e9b6bee73321c26407f 2009.0/i586/libfinch0-2.6.6-0.1mdv2009.0.i586.rpm
844a556786c447a1ca145701079fdbdf 2009.0/i586/libpurple0-2.6.6-0.1mdv2009.0.i586.rpm
07909a8b9a8dc94d32d4334887f95e60 2009.0/i586/libpurple-devel-2.6.6-0.1mdv2009.0.i586.rpm
add7f860c109470332a924abdde94867 2009.0/i586/pidgin-2.6.6-0.1mdv2009.0.i586.rpm
473b623dd01143484f56aeec8198c038 2009.0/i586/pidgin-bonjour-2.6.6-0.1mdv2009.0.i586.rpm
ebbc0a0da115f42d557086d92952a593 2009.0/i586/pidgin-client-2.6.6-0.1mdv2009.0.i586.rpm
c2e797ac95c71799df4c5e07655c7102 2009.0/i586/pidgin-gevolution-2.6.6-0.1mdv2009.0.i586.rpm
b96046816302e5bb7f671282534acebe 2009.0/i586/pidgin-i18n-2.6.6-0.1mdv2009.0.i586.rpm
312ea5008d2d2925e146c097a042a2bc 2009.0/i586/pidgin-meanwhile-2.6.6-0.1mdv2009.0.i586.rpm
c1deaff7c0b2bcc8287b4e2d44a917b4 2009.0/i586/pidgin-mono-2.6.6-0.1mdv2009.0.i586.rpm
8966ecdef85c226fd04331a71a8d59a3 2009.0/i586/pidgin-perl-2.6.6-0.1mdv2009.0.i586.rpm
615e6e69dc77419a52df58f9500f3278 2009.0/i586/pidgin-plugins-2.6.6-0.1mdv2009.0.i586.rpm
6c5d548b6aead8023952b710662a0fdd 2009.0/i586/pidgin-silc-2.6.6-0.1mdv2009.0.i586.rpm
4c7e7cf01343077a7d880b049bfbeb89 2009.0/i586/pidgin-tcl-2.6.6-0.1mdv2009.0.i586.rpm
bc18b444b5c2c5bf1e6dbf5b350d120c 2009.0/SRPMS/pidgin-2.6.6-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
73f00980b1022b260483fb1186a8a857 2009.0/x86_64/finch-2.6.6-0.1mdv2009.0.x86_64.rpm
098f9f209c84f4f3cff9eebb225df45c 2009.0/x86_64/lib64finch0-2.6.6-0.1mdv2009.0.x86_64.rpm
4365bea65c0ef5b7d027820056c43ee7 2009.0/x86_64/lib64purple0-2.6.6-0.1mdv2009.0.x86_64.rpm
03790a91d3c7b2e40b23ffe5bd596d7f 2009.0/x86_64/lib64purple-devel-2.6.6-0.1mdv2009.0.x86_64.rpm
f0c784c60d1906840cb37dd164386009 2009.0/x86_64/pidgin-2.6.6-0.1mdv2009.0.x86_64.rpm
e126ad8f718245f969a07e68aac4ce75 2009.0/x86_64/pidgin-bonjour-2.6.6-0.1mdv2009.0.x86_64.rpm
5cb631dd7e07bd657dede89674ab0604 2009.0/x86_64/pidgin-client-2.6.6-0.1mdv2009.0.x86_64.rpm
bda2495720a394af0ff148b43c814e5d 2009.0/x86_64/pidgin-gevolution-2.6.6-0.1mdv2009.0.x86_64.rpm
6b51ecdb5b1c9b24caa0c04c67e5fa32 2009.0/x86_64/pidgin-i18n-2.6.6-0.1mdv2009.0.x86_64.rpm
cc23c3e478f8b4b923fa34128bf729eb 2009.0/x86_64/pidgin-meanwhile-2.6.6-0.1mdv2009.0.x86_64.rpm
7b569dc8c9584ae594165b0e985cc671 2009.0/x86_64/pidgin-mono-2.6.6-0.1mdv2009.0.x86_64.rpm
37b896476f725311f108e56758674a6e 2009.0/x86_64/pidgin-perl-2.6.6-0.1mdv2009.0.x86_64.rpm
2e5eda0cde9ad8105dab80080a14c361 2009.0/x86_64/pidgin-plugins-2.6.6-0.1mdv2009.0.x86_64.rpm
2d0ab0df7212fd47ba891974d8ac87f7 2009.0/x86_64/pidgin-silc-2.6.6-0.1mdv2009.0.x86_64.rpm
2790d06426db09a03d27771acb38dcbc 2009.0/x86_64/pidgin-tcl-2.6.6-0.1mdv2009.0.x86_64.rpm
bc18b444b5c2c5bf1e6dbf5b350d120c 2009.0/SRPMS/pidgin-2.6.6-0.1mdv2009.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFL2Fd7mqjQ0CJFipgRAvr2AKDwDW5HBKUXiYetxt285+rGrk/qmACgoHgG
0FjESzgHRyeSwqrTjtwz4v0=
=kXr/
-----END PGP SIGNATURE-----