U radu programskog paketa Pidgin uočeno je i ispravljeno više sigurnosnih propusta koje je potencijalni napadač mogao iskoristiti za DoS (eng. Denial of Service) napad.
| Paket: | pidgin 2.x |
| Operacijski sustavi: | Mandriva Linux 2010.1, Mandriva Linux 2011, Mandriva Linux Enterprise Server 5.0 |
| Kritičnost: | 4.3 |
| Problem: | neodgovarajuća provjera ulaznih podataka, pogreška u programskoj komponenti |
| Iskorištavanje: | udaljeno |
| Posljedica: | uskraćivanje usluga (DoS) |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2011-4601, CVE-2011-3594 |
| Izvorni ID preporuke: | MDVSA-2011:183 |
| Izvor: | Mandriva |
| Problem: | |
| Sigurnosni propusti se javljaju zbog neodgovarajuće provjere ulaznih podataka i poruka u protokolima XMPP, OSCAR te SILC. |
|
| Posljedica: | |
| Navedeni needostaci se mogu iskoristiti za napad uskraćivanjem usluga (DoS). |
|
| Rješenje: | |
| Svim se korisnicima navedenog savjetuje primjena dostupnih zakrpa. |
|
Izvorni tekst preporuke
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:183
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pidgin
Date : December 10, 2011
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in pidgin:
When receiving various stanzas related to voice and video chat,
the XMPP protocol plugin failed to ensure that the incoming message
contained all required fields, and would crash if certain fields
were missing.
When receiving various messages related to requesting or receiving
authorization for adding a buddy to a buddy list, the oscar protocol
plugin failed to validate that a piece of text was UTF-8. In some
cases invalid UTF-8 data would lead to a crash (CVE-2011-4601).
When receiving various incoming messages, the SILC protocol plugin
failed to validate that a piece of text was UTF-8. In some cases
invalid UTF-8 data would lead to a crash (CVE-2011-3594).
This update provides pidgin 2.10.1, which is not vulnerable to
these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3594
http://www.pidgin.im/news/security/
http://pidgin.im/news/security/?id=56
http://pidgin.im/news/security/?id=57
http://pidgin.im/news/security/?id=58
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
5760fb2021c3bcd9a9cc868c4d372ed9
2010.1/i586/finch-2.10.1-0.1mdv2010.2.i586.rpm
c3780080c901d37497d05a64ad04861c
2010.1/i586/libfinch0-2.10.1-0.1mdv2010.2.i586.rpm
44dab21da24dc0cbe87aa77cc169284c
2010.1/i586/libpurple0-2.10.1-0.1mdv2010.2.i586.rpm
8a02d670933e11151ed49c836dc8e7fb
2010.1/i586/libpurple-devel-2.10.1-0.1mdv2010.2.i586.rpm
e5565acb778b22f18c58d9f58936904d
2010.1/i586/pidgin-2.10.1-0.1mdv2010.2.i586.rpm
8d7dd47702343d6faf2cb8fc37905cb3
2010.1/i586/pidgin-bonjour-2.10.1-0.1mdv2010.2.i586.rpm
aee6e7d5b101af04a3d1bb565de1a48f
2010.1/i586/pidgin-client-2.10.1-0.1mdv2010.2.i586.rpm
6d6e5c647e0c88b8aec6044f13e3616c
2010.1/i586/pidgin-gevolution-2.10.1-0.1mdv2010.2.i586.rpm
70b22a04176ec1e5240b4e43722cede3
2010.1/i586/pidgin-i18n-2.10.1-0.1mdv2010.2.i586.rpm
6673de268a4c53b44dae91487944c211
2010.1/i586/pidgin-meanwhile-2.10.1-0.1mdv2010.2.i586.rpm
6862f6fc918cca0d60a162e9c160e452
2010.1/i586/pidgin-perl-2.10.1-0.1mdv2010.2.i586.rpm
754903e35ac3b0e77d2c13e846dbdc41
2010.1/i586/pidgin-plugins-2.10.1-0.1mdv2010.2.i586.rpm
2e16473bc98b8f4dda76b89b44690322
2010.1/i586/pidgin-silc-2.10.1-0.1mdv2010.2.i586.rpm
fd8a4eb06e140550966e9d4dd47e8647
2010.1/i586/pidgin-tcl-2.10.1-0.1mdv2010.2.i586.rpm
67da842fb1886685ed1f9d1a2811ca41
2010.1/SRPMS/pidgin-2.10.1-0.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
19214e80ad6e07bc8fbd76a770f5fb41
2010.1/x86_64/finch-2.10.1-0.1mdv2010.2.x86_64.rpm
b5fc8b19bc3566a9845e44e63ca91cd3
2010.1/x86_64/lib64finch0-2.10.1-0.1mdv2010.2.x86_64.rpm
9465e855935e5f1a1159824ca3529080
2010.1/x86_64/lib64purple0-2.10.1-0.1mdv2010.2.x86_64.rpm
5d8608f39db8a0888c05ebd592dee061
2010.1/x86_64/lib64purple-devel-2.10.1-0.1mdv2010.2.x86_64.rpm
7adaa941cd2bca0445e112f0d2a35f16
2010.1/x86_64/pidgin-2.10.1-0.1mdv2010.2.x86_64.rpm
56a3a11402f7397ba723cf341f7ff73c
2010.1/x86_64/pidgin-bonjour-2.10.1-0.1mdv2010.2.x86_64.rpm
e9877b42a24ad67f1c90a959809f543b
2010.1/x86_64/pidgin-client-2.10.1-0.1mdv2010.2.x86_64.rpm
55a597ea9298a7a34ce1c086982eb557
2010.1/x86_64/pidgin-gevolution-2.10.1-0.1mdv2010.2.x86_64.rpm
55461139c45ddb5851336ddcf0e89dab
2010.1/x86_64/pidgin-i18n-2.10.1-0.1mdv2010.2.x86_64.rpm
0a092014c245cf7b258e83308ab12b4a
2010.1/x86_64/pidgin-meanwhile-2.10.1-0.1mdv2010.2.x86_64.rpm
718579ad386213ebd9c73c9a4d2810db
2010.1/x86_64/pidgin-perl-2.10.1-0.1mdv2010.2.x86_64.rpm
bb044452a207e7df0ef1eb836c13c432
2010.1/x86_64/pidgin-plugins-2.10.1-0.1mdv2010.2.x86_64.rpm
d16a10cd074364d4a9a97e435cfe0b28
2010.1/x86_64/pidgin-silc-2.10.1-0.1mdv2010.2.x86_64.rpm
0b2cdfb643d2efb098c50e708f900f79
2010.1/x86_64/pidgin-tcl-2.10.1-0.1mdv2010.2.x86_64.rpm
67da842fb1886685ed1f9d1a2811ca41
2010.1/SRPMS/pidgin-2.10.1-0.1mdv2010.2.src.rpm
Mandriva Linux 2011:
9b78a3cb5192b6b973715a86d5f2a185
2011/i586/finch-2.10.1-0.1-mdv2011.0.i586.rpm
4d883b1daddce33fafe57d9a99463358
2011/i586/libfinch0-2.10.1-0.1-mdv2011.0.i586.rpm
499ca1bc78a3f2df77e88e2703a4a725
2011/i586/libpurple0-2.10.1-0.1-mdv2011.0.i586.rpm
b6948cabf0fcd0c3dd104219bf4d529b
2011/i586/libpurple-devel-2.10.1-0.1-mdv2011.0.i586.rpm
0016330f267d2bff69e61713c44699ed
2011/i586/pidgin-2.10.1-0.1-mdv2011.0.i586.rpm
9de78991ff7584e0814f54f2545fae24
2011/i586/pidgin-bonjour-2.10.1-0.1-mdv2011.0.i586.rpm
ee2045f1eda4a0183cb77f2a60f39ef2
2011/i586/pidgin-client-2.10.1-0.1-mdv2011.0.i586.rpm
6d079b32b1aaf2beaa3cc82f21c345d4
2011/i586/pidgin-gevolution-2.10.1-0.1-mdv2011.0.i586.rpm
e84ffa4bf739acaa10eda992600a6cc9
2011/i586/pidgin-i18n-2.10.1-0.1-mdv2011.0.i586.rpm
35242c70c5cd6cd765fe947a68049496
2011/i586/pidgin-meanwhile-2.10.1-0.1-mdv2011.0.i586.rpm
a3c3029ce97ff37d16cea641a7e19af2
2011/i586/pidgin-perl-2.10.1-0.1-mdv2011.0.i586.rpm
62f6cca4f6a7f812c5dd011ce0b83f8c
2011/i586/pidgin-plugins-2.10.1-0.1-mdv2011.0.i586.rpm
6949ebb1e90eedd7abd7aef9cfe1a42b
2011/i586/pidgin-silc-2.10.1-0.1-mdv2011.0.i586.rpm
648df3013f920bda8e8883582558dc63
2011/i586/pidgin-tcl-2.10.1-0.1-mdv2011.0.i586.rpm
5f6cac1bbc7686d563f15c282c3764e4 2011/SRPMS/pidgin-2.10.1-0.1.src.rpm
Mandriva Linux 2011/X86_64:
1f1cd638179effa0cd529acb24dd4956
2011/x86_64/finch-2.10.1-0.1-mdv2011.0.x86_64.rpm
e9f2ef661e38feecd31acb3972e139a4
2011/x86_64/lib64finch0-2.10.1-0.1-mdv2011.0.x86_64.rpm
316609fbb06b71f5ae9e53cf29fb6b85
2011/x86_64/lib64purple0-2.10.1-0.1-mdv2011.0.x86_64.rpm
65560e62c4289fa654cf81e5e1887d0f
2011/x86_64/lib64purple-devel-2.10.1-0.1-mdv2011.0.x86_64.rpm
97a4c63f7225b6994bf60a01aec4bff6
2011/x86_64/pidgin-2.10.1-0.1-mdv2011.0.x86_64.rpm
2806e8afe7c505a9bdd127297a85eaf5
2011/x86_64/pidgin-bonjour-2.10.1-0.1-mdv2011.0.x86_64.rpm
d0af78fbc9b0e946f26f76f77fd5cfe7
2011/x86_64/pidgin-client-2.10.1-0.1-mdv2011.0.x86_64.rpm
1acc288b16a9b84bdd1e9fd214b0d065
2011/x86_64/pidgin-gevolution-2.10.1-0.1-mdv2011.0.x86_64.rpm
2c9ca9d092a29f468300f8b504bf9e7f
2011/x86_64/pidgin-i18n-2.10.1-0.1-mdv2011.0.x86_64.rpm
52b5285287ad5d5cf470322eed2c0f3a
2011/x86_64/pidgin-meanwhile-2.10.1-0.1-mdv2011.0.x86_64.rpm
436f36f77d8e9833ad211019e90fe8d5
2011/x86_64/pidgin-perl-2.10.1-0.1-mdv2011.0.x86_64.rpm
89865ddd8ab4294dd5705be25952d941
2011/x86_64/pidgin-plugins-2.10.1-0.1-mdv2011.0.x86_64.rpm
3593366b028691c04ac9cc1b2e870cd7
2011/x86_64/pidgin-silc-2.10.1-0.1-mdv2011.0.x86_64.rpm
320993baaaf361e84c66bffc9ee3b354
2011/x86_64/pidgin-tcl-2.10.1-0.1-mdv2011.0.x86_64.rpm
5f6cac1bbc7686d563f15c282c3764e4 2011/SRPMS/pidgin-2.10.1-0.1.src.rpm
Mandriva Enterprise Server 5:
51615cc64b9336513dd37514a809f48d mes5/i586/finch-2.10.1-0.1mdvmes5.2.i586.rpm
5bd533e95ee376d1d4233b7814652ac3
mes5/i586/libfinch0-2.10.1-0.1mdvmes5.2.i586.rpm
0044d4c87f1f6938a08912cf049e5308
mes5/i586/libpurple0-2.10.1-0.1mdvmes5.2.i586.rpm
8dcd50bf49e30938de5daf041c16ae13
mes5/i586/libpurple-devel-2.10.1-0.1mdvmes5.2.i586.rpm
bfe19b9a2eec9969ead2f87967e708b9
mes5/i586/pidgin-2.10.1-0.1mdvmes5.2.i586.rpm
f87eef70053e0fde18aafb40d9601596
mes5/i586/pidgin-bonjour-2.10.1-0.1mdvmes5.2.i586.rpm
7aa41129fdc8b4b4b34c64987f48a71a
mes5/i586/pidgin-client-2.10.1-0.1mdvmes5.2.i586.rpm
b6279f9475d0e65a1c77a05565ae7a9c
mes5/i586/pidgin-gevolution-2.10.1-0.1mdvmes5.2.i586.rpm
c9ccd27fe610345f12ca6564e005c038
mes5/i586/pidgin-i18n-2.10.1-0.1mdvmes5.2.i586.rpm
c4c6546ccfc0323f090508eaca199600
mes5/i586/pidgin-meanwhile-2.10.1-0.1mdvmes5.2.i586.rpm
4b29c77749959ff3fbaf986c2143f57e
mes5/i586/pidgin-perl-2.10.1-0.1mdvmes5.2.i586.rpm
807f293353085db54ecc79311ac4771e
mes5/i586/pidgin-plugins-2.10.1-0.1mdvmes5.2.i586.rpm
ec25f777a62dca92a21aaa7530445508
mes5/i586/pidgin-silc-2.10.1-0.1mdvmes5.2.i586.rpm
f133afd3071815af482c56b61cc05dd9
mes5/i586/pidgin-tcl-2.10.1-0.1mdvmes5.2.i586.rpm
cf990ab47d35341c1949179e5c855ed4
mes5/SRPMS/pidgin-2.10.1-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
fefbb7e6f80ca220c2552292cb452ef7
mes5/x86_64/finch-2.10.1-0.1mdvmes5.2.x86_64.rpm
d2250929e39a5dcada37bc505727ee54
mes5/x86_64/lib64finch0-2.10.1-0.1mdvmes5.2.x86_64.rpm
a38a3893f1d1ba7d144fe119bfcc6513
mes5/x86_64/lib64purple0-2.10.1-0.1mdvmes5.2.x86_64.rpm
e17c2d0c6f21a82d5949c4f43d16c5e5
mes5/x86_64/lib64purple-devel-2.10.1-0.1mdvmes5.2.x86_64.rpm
685121d901a528c4a8b88243cffae232
mes5/x86_64/pidgin-2.10.1-0.1mdvmes5.2.x86_64.rpm
c01a809955a5529cb9c2b4b53e7d3648
mes5/x86_64/pidgin-bonjour-2.10.1-0.1mdvmes5.2.x86_64.rpm
3475de4053f190f75980a86a05b08252
mes5/x86_64/pidgin-client-2.10.1-0.1mdvmes5.2.x86_64.rpm
65d3ee299e581feca548a31190d881c9
mes5/x86_64/pidgin-gevolution-2.10.1-0.1mdvmes5.2.x86_64.rpm
390290a323fc4a43349ee8e306b6ece7
mes5/x86_64/pidgin-i18n-2.10.1-0.1mdvmes5.2.x86_64.rpm
0a565363b5a71527f4a187a49c8f36a8
mes5/x86_64/pidgin-meanwhile-2.10.1-0.1mdvmes5.2.x86_64.rpm
8bca72bb09b8aaba4b0dae20f7ef9461
mes5/x86_64/pidgin-perl-2.10.1-0.1mdvmes5.2.x86_64.rpm
42b9bb53533492aa48136e8f3e7fe208
mes5/x86_64/pidgin-plugins-2.10.1-0.1mdvmes5.2.x86_64.rpm
641a10bd606b298bd6eaf8697e1a8a82
mes5/x86_64/pidgin-silc-2.10.1-0.1mdvmes5.2.x86_64.rpm
f346af0db7fe52d03c475a44600228f2
mes5/x86_64/pidgin-tcl-2.10.1-0.1mdvmes5.2.x86_64.rpm
cf990ab47d35341c1949179e5c855ed4
mes5/SRPMS/pidgin-2.10.1-0.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFO48eXmqjQ0CJFipgRAi1zAJ9XZyr4ewcx6I07V7lmlYNcx4Op+gCdF0nv
qxwMoDXEu1edILl3CkSnFvQ=
=Bho6
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke