Ubuntu: Pidgin vulnerabilities
Posted by Benjamin D. Thomas   
Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0277)
Ubuntu Security Notice USN-902-1          February 22, 2010
pidgin vulnerabilities
CVE-2010-0277, CVE-2010-0420, CVE-2010-0423

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  pidgin                          1:2.4.1-1ubuntu2.9

Ubuntu 8.10:
  pidgin                          1:2.5.2-0ubuntu1.7

Ubuntu 9.04:
  pidgin                          1:2.5.5-1ubuntu8.6

Ubuntu 9.10:
  pidgin                          1:2.6.2-1ubuntu7.2

After a standard system upgrade you need to restart Pidgin to effect
the necessary changes.

Details follow:

Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of
an incoming message in the MSN protocol handler. A remote attacker could
send a specially crafted message and cause Pidgin to crash, leading to a
denial of service. (CVE-2010-0277)

Sadrul Habib Chowdhury discovered that Pidgin incorrectly handled certain
nicknames in Finch group chat rooms. A remote attacker could use a
specially crafted nickname and cause Pidgin to crash, leading to a denial
of service. (CVE-2010-0420)

Antti Hayrynen discovered that Pidgin incorrectly handled large numbers of
smileys. A remote attacker could send a specially crafted message and cause
Pidgin to become unresponsive, leading to a denial of service.

