==========================================================================
Ubuntu Security Notice USN-1273-1
November 21, 2011
pidgin vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Pidgin could be made to crash if it received specially crafted network
traffic.
Software Description:
- pidgin: multi-protocol instant messaging client
Details:
Marius Wachtler discovered that Pidgin incorrectly handled malformed YMSG
messages in the Yahoo! protocol handler. A remote attacker could send a
specially crafted message and cause Pidgin to crash, leading to a denial
of service. This issue only affected Ubuntu 10.04 LTS and 10.10.
(CVE-2011-1091)
Marius Wachtler discovered that Pidgin incorrectly handled HTTP 100
responses in the MSN protocol handler. A remote attacker could send a
specially crafted message and cause Pidgin to crash, leading to a denial
of service. (CVE-2011-3184)
Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8
sequences in the SILC protocol handler. A remote attacker could send a
specially crafted message and cause Pidgin to crash, leading to a denial
of service. (CVE-2011-3594)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
pidgin 1:2.7.11-1ubuntu2.1
Ubuntu 10.10:
pidgin 1:2.7.3-1ubuntu3.3
Ubuntu 10.04 LTS:
pidgin 1:2.6.6-1ubuntu4.4
After a standard system update you need to restart Pidgin to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1273-1
CVE-2011-1091, CVE-2011-3184, CVE-2011-3594
Package Information:
https://launchpad.net/ubuntu/+source/pidgin/1:2.7.11-1ubuntu2.1
https://launchpad.net/ubuntu/+source/pidgin/1:2.7.3-1ubuntu3.3
https://launchpad.net/ubuntu/+source/pidgin/1:2.6.6-1ubuntu4.4
Posljednje sigurnosne preporuke