Dva propusta paketa pidgin

Ispravljena su dva sigurnosna propusta u radu paketa pidgin koja zlonamjernom korisniku omogućuju rušenje ranjivog programa.

Paket:	pidgin 2.x
Operacijski sustavi:	Fedora 15
Problem:	neodgovarajuća provjera ulaznih podataka
Iskorištavanje:	lokalno/udaljeno
Posljedica:	uskraćivanje usluga (DoS)
Rješenje:	programska zakrpa proizvođača
Izvorni ID preporuke:	FEDORA-2012-4600
Izvor:	Fedora

Problem:
Dva propusta javljaju se zbog nepravilnosti u obradi ulaznih UTF-8 nizova te odgovora od poslužitelja.
Posljedica:
Zlonamjerni korisnik koji posebno oblikuje navedene nizove mogao bi srušiti program (DoS).
Rješenje:
Svim se korisnicima savjetuje nadogradnja.

Izvorni tekst preporuke

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-4600
2012-03-24 00:06:31
--------------------------------------------------------------------------------

Name        : pidgin
Product     : Fedora 15
Version     : 2.10.2
Release     : 1.fc15
URL         : http://pidgin.im/
Summary     : A Gtk+ based multiprotocol instant messaging client
Description :
Pidgin allows you to talk to anyone using a variety of messaging
protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu,
ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and
Zephyr.  These protocols are implemented using a modular, easy to
use design.  To use a protocol, just add an account using the
account editor.

Pidgin supports many common features of other clients, as well as many
unique features, such as perl scripting, TCL scripting and C plugins.

Pidgin is not affiliated with or endorsed by America Online, Inc.,
Microsoft Corporation, Yahoo! Inc., or ICQ Inc.

--------------------------------------------------------------------------------
Update Information:

version 2.10.2 (03/14/2012)

View all closed tickets for this release.

    General:
        Fix compilation when using binutils 2.22 and new GDK pixbuf. (#14799)
        Fix compilation of the MXit protocol plugin with GLib 2.31. (#14773) 

    Pidgin:
        Add support for the GNOME3 Network dialog. (#13882)
        Fix rare crash. (#14392)
        Add support for the GNOME3 Default Application dialog for configuring
the Browser. 

    libpurple:
        Support new connection states and signals for NetworkManager 0.9+. (Dan
Williams) (#13859) 

    AIM and ICQ:
        Fix a possible crash when receiving an unexpected message from the
server. (Thijs Alkemade) (#14983)
        Allow signing on with usernames containing periods and underscores.
(#13500)
        Allow adding buddies containing periods and underscores. (#13500)
        Don't try to format ICQ usernames entered as email addresses. Gets rid
of an "Unable to format username" error at login. (#13883) 

    MSN:
        Fix possible crashes caused by not validating incoming messages as
UTF-8. (Thijs Alkemade) (#14884)
        Support new protocol version MSNP18. (#14753)
        Fix messages to offline contacts. (#14302) 

    Windows-Specific Changes:
        Fix the installer downloading of spell-checking dictionaries (#14612)
        Fix compilation of the Bonjour protocol plugin. (#14802) 

    Plugins:
        The autoaccept plugin will no longer reset the preference for unknown
buddies to "Auto Reject" in certain cases. (#14964) 
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 23 2012 Jon Ciesla <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.10.2-1
- Update to 2.10.2, BZ 803293, 803299.
- Dropping MSN patches.  Protocol patch not needed, won't connect
- to 16 by default.  Crash patch was upstreamed.
- Dropped nm09 patch, upstreamed.
* Fri Mar  9 2012 Tom Callaway <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.10.1-4
- fedora 17+ uses farstream now instead of farsight2
* Wed Jan 18 2012 Matthew Barnes <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.10.1-3
- Map RHEL 7 to Fedora 16 (for now).
* Wed Jan 18 2012 Matthew Barnes <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.10.1-2
- Map RHEL 7 to Fedora 16 (for now).
* Thu Dec 29 2011 Stu Tomlinson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.10.1-1
- 2.10.1, includes security fixes for CVE-2011-3594, CVE-2011-4601,
  CVE-2011-4602, CVE-2011-4603
* Mon Nov 28 2011 Milan Crha <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.10.0-5
- Rebuild against newer evolution-data-server
* Sun Oct 30 2011 Bruno Wolff III <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.10.0-4
- Rebuild against newer evolution-data-server
* Tue Aug 30 2011 Milan Crha <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.10.0-3
- Sync version with f16 branch
* Mon Aug 29 2011 Milan Crha <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.10.0-2
- Rebuild against newer evolution-data-server
* Sun Aug 21 2011 Stu Tomlinson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.10.0-1
- 2.10.0
- Link against system libgadu instead of using internal copy (#713888)
* Tue Aug 16 2011 Milan Crha <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.9.0-3
- Rebuild against newer evolution-data-server
* Thu Jul 21 2011 Petr Sabata <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.9.0-2
- Perl mass rebuild
* Thu Jun 30 2011 Stu Tomlinson <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.8.0-3
- 2.9.0, includes security/DoS fix to work around gdk-pixbuf issue
  CVE-2011-2485
* Mon Jun 20 2011 Milan Crha <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.8.0-3
- Rebuild against new evolution-data-server
* Fri Jun 17 2011 Marcela MaÄ¹Ä

Dva propusta paketa pidgin

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Dva propusta paketa pidgin

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti