==========================================================
Ubuntu Security Notice USN-675-1          November 24, 2008
pidgin vulnerabilities
CVE-2008-2927, CVE-2008-2955, CVE-2008-2957, CVE-2008-3532
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  pidgin                          1:2.2.1-1ubuntu4.3

Ubuntu 8.04 LTS:
  pidgin                          1:2.4.1-1ubuntu2.2

After a standard system upgrade you need to restart Pidgin to effect
the necessary changes.

Details follow:

It was discovered that Pidgin did not properly handle certain malformed
messages in the MSN protocol handler. A remote attacker could send a specially
crafted message and possibly execute arbitrary code with user privileges.
(CVE-2008-2927)

It was discovered that Pidgin did not properly handle file transfers containing
a long filename and special characters in the MSN protocol handler. A remote
attacker could send a specially crafted filename in a file transfer request
and cause Pidgin to crash, leading to a denial of service. (CVE-2008-2955)

It was discovered that Pidgin did not impose resource limitations in the UPnP
service. A remote attacker could cause Pidgin to download arbitrary files 
and cause a denial of service from memory or disk space exhaustion.
(CVE-2008-2957)

It was discovered that Pidgin did not validate SSL certificates when using a
secure connection. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to view sensitive
information. This update alters Pidgin behaviour by asking users to confirm
the validity of a certificate upon initial login. (CVE-2008-3532)




