U radu programskog paketa Pidgin uočena su dva nova sigurnosna propusta. Udaljeni zloćudni korisnik spomenute nedostatke može iskoristiti za DoS (eng. Denial of Service) napad.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:082
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pidgin
 Date    : May 28, 2012
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in pidgin:
 
 A series of specially crafted file transfer requests can cause clients
 to reference invalid memory. The user must have accepted one of the
 file transfer requests (CVE-2012-2214).
 
 Incoming messages with certain characters or character encodings can
 cause clients to crash (CVE-2012-2318).
 
 This update provides pidgin 2.10.4, which is not vulnerable to
 these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2214
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2318
 http://www.pidgin.im/news/security/
 http://www.pidgin.im/news/security/?id=62
 http://www.pidgin.im/news/security/?id=63
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 bef050030adee6a6d8a6ce2116ef2997 
2011/i586/finch-2.10.4-0.1-mdv2011.0.i586.rpm
 0331afa765ec36c87f469500bf178ee4 
2011/i586/libfinch0-2.10.4-0.1-mdv2011.0.i586.rpm
 2bf80984270719e8e15414f49f2ab04b 
2011/i586/libpurple0-2.10.4-0.1-mdv2011.0.i586.rpm
 557db76a0aad842f0c2cb80e8a16ac7e 
2011/i586/libpurple-devel-2.10.4-0.1-mdv2011.0.i586.rpm
 7435f72c8cd2358d8aca7c29140c9c7d 
2011/i586/pidgin-2.10.4-0.1-mdv2011.0.i586.rpm
 17ea6ccf5344fac74668ea979d7da86a 
2011/i586/pidgin-bonjour-2.10.4-0.1-mdv2011.0.i586.rpm
 a7a4475e3caa52e1353612f522856284 
2011/i586/pidgin-client-2.10.4-0.1-mdv2011.0.i586.rpm
 5771361b7c5713a34c9f116a0e6e9127 
2011/i586/pidgin-gevolution-2.10.4-0.1-mdv2011.0.i586.rpm
 0d5daddc1b6d6c0ab1ce0057e8b4b0ac 
2011/i586/pidgin-i18n-2.10.4-0.1-mdv2011.0.i586.rpm
 ceafa80a86569642d974fe095414e725 
2011/i586/pidgin-meanwhile-2.10.4-0.1-mdv2011.0.i586.rpm
 521837eb4a4bbaf19996f9a88f7936bb 
2011/i586/pidgin-perl-2.10.4-0.1-mdv2011.0.i586.rpm
 9c2a6a5e60aef9b19692cbec801b87b8 
2011/i586/pidgin-plugins-2.10.4-0.1-mdv2011.0.i586.rpm
 012809faae1cb25d0a3637a19858d9c9 
2011/i586/pidgin-silc-2.10.4-0.1-mdv2011.0.i586.rpm
 2127fe686c24f5a44c4ed680231e8cd6 
2011/i586/pidgin-tcl-2.10.4-0.1-mdv2011.0.i586.rpm 
 b977e3cb9a308a2e772b7ccb5d39c370  2011/SRPMS/pidgin-2.10.4-0.1.src.rpm

 Mandriva Linux 2011/X86_64:
 69d6d461391fe01e8bb100fd252efde3 
2011/x86_64/finch-2.10.4-0.1-mdv2011.0.x86_64.rpm
 e7485e20ba16037cf302cb7afc3fea89 
2011/x86_64/lib64finch0-2.10.4-0.1-mdv2011.0.x86_64.rpm
 a7521660b6a2b6c9cd0acbdbcf6946c1 
2011/x86_64/lib64purple0-2.10.4-0.1-mdv2011.0.x86_64.rpm
 24757f828f3f25488be291e7d5365e00 
2011/x86_64/lib64purple-devel-2.10.4-0.1-mdv2011.0.x86_64.rpm
 c552d655223d60f64e4089b1841a690c 
2011/x86_64/pidgin-2.10.4-0.1-mdv2011.0.x86_64.rpm
 f95bc494277ff7e083413528c2cc42d9 
2011/x86_64/pidgin-bonjour-2.10.4-0.1-mdv2011.0.x86_64.rpm
 b8461999b7a10719476fe6bd43ed972c 
2011/x86_64/pidgin-client-2.10.4-0.1-mdv2011.0.x86_64.rpm
 9ca33b7b07128f0f66bdb1b21cad4e84 
2011/x86_64/pidgin-gevolution-2.10.4-0.1-mdv2011.0.x86_64.rpm
 b32f3c197ba607e9c2f92ded9ae0b283 
2011/x86_64/pidgin-i18n-2.10.4-0.1-mdv2011.0.x86_64.rpm
 dd5b75e821d541f66e7d0766c9a6f6ae 
2011/x86_64/pidgin-meanwhile-2.10.4-0.1-mdv2011.0.x86_64.rpm
 f9bf0cd48c12e8a36e85f1dac2c06672 
2011/x86_64/pidgin-perl-2.10.4-0.1-mdv2011.0.x86_64.rpm
 71057b5d79e4dfba09321eee54d98dcb 
2011/x86_64/pidgin-plugins-2.10.4-0.1-mdv2011.0.x86_64.rpm
 ffa4c2e94e4d2b0597ec94108340bada 
2011/x86_64/pidgin-silc-2.10.4-0.1-mdv2011.0.x86_64.rpm
 d8e088f101b312bfde020e39a4134c2e 
2011/x86_64/pidgin-tcl-2.10.4-0.1-mdv2011.0.x86_64.rpm 
 b977e3cb9a308a2e772b7ccb5d39c370  2011/SRPMS/pidgin-2.10.4-0.1.src.rpm

 Mandriva Enterprise Server 5:
 9a4c0fd6f19f32491cb81be5304b3b7f  mes5/i586/finch-2.10.4-0.1mdvmes5.2.i586.rpm
 871836ceb09eac2f02f1b3fa6b947506 
mes5/i586/libfinch0-2.10.4-0.1mdvmes5.2.i586.rpm
 2dd36fd15de2ddb55ec014f14a976561 
mes5/i586/libpurple0-2.10.4-0.1mdvmes5.2.i586.rpm
 f280ae9695571a39a85bc9978d4525fe 
mes5/i586/libpurple-devel-2.10.4-0.1mdvmes5.2.i586.rpm
 d27b90b2e2f12ae89582f04b3f194751 
mes5/i586/pidgin-2.10.4-0.1mdvmes5.2.i586.rpm
 167a3742e07438466c270820613a5fcc 
mes5/i586/pidgin-bonjour-2.10.4-0.1mdvmes5.2.i586.rpm
 02fbe71ad44ec5e8b2d4f9c470010654 
mes5/i586/pidgin-client-2.10.4-0.1mdvmes5.2.i586.rpm
 edf56ff5975f98b4ea5b6463b43646d8 
mes5/i586/pidgin-gevolution-2.10.4-0.1mdvmes5.2.i586.rpm
 a50fc90896857995ec2fcf4a9c20bea8 
mes5/i586/pidgin-i18n-2.10.4-0.1mdvmes5.2.i586.rpm
 7a8e884e0b61bff3a9afc432810261e0 
mes5/i586/pidgin-meanwhile-2.10.4-0.1mdvmes5.2.i586.rpm
 5860dbaab368fccd0dc16e0d30f1be5c 
mes5/i586/pidgin-perl-2.10.4-0.1mdvmes5.2.i586.rpm
 ee1ca5f6cca543cf8f2d1af8acc92fdc 
mes5/i586/pidgin-plugins-2.10.4-0.1mdvmes5.2.i586.rpm
 30af0a61aaebd8937983e416f74bbb2a 
mes5/i586/pidgin-silc-2.10.4-0.1mdvmes5.2.i586.rpm
 f7e8883d2fa5f20a0c59f3e1e1790adc 
mes5/i586/pidgin-tcl-2.10.4-0.1mdvmes5.2.i586.rpm 
 c629adfa2d43585105be933466e6d366 
mes5/SRPMS/pidgin-2.10.4-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 8c3da9c1ae1a49d3b048bb03be17810e 
mes5/x86_64/finch-2.10.4-0.1mdvmes5.2.x86_64.rpm
 a7a841ac4a2f3115f14930b2dd462074 
mes5/x86_64/lib64finch0-2.10.4-0.1mdvmes5.2.x86_64.rpm
 16120decc116f49a9bfc20e9642a3130 
mes5/x86_64/lib64purple0-2.10.4-0.1mdvmes5.2.x86_64.rpm
 396f02442c0cfbcb530fa518cbf3b389 
mes5/x86_64/lib64purple-devel-2.10.4-0.1mdvmes5.2.x86_64.rpm
 51f5c14a4e941e1ffc818408ec902af8 
mes5/x86_64/pidgin-2.10.4-0.1mdvmes5.2.x86_64.rpm
 1a607ed7b1772421bdb70e922119dca4 
mes5/x86_64/pidgin-bonjour-2.10.4-0.1mdvmes5.2.x86_64.rpm
 52a43e7519eccdde5570cc343697e271 
mes5/x86_64/pidgin-client-2.10.4-0.1mdvmes5.2.x86_64.rpm
 5b96e447aac38288c4147078b6bc3f8a 
mes5/x86_64/pidgin-gevolution-2.10.4-0.1mdvmes5.2.x86_64.rpm
 7b88dfac197f7213bb9de95dfd47bc3c 
mes5/x86_64/pidgin-i18n-2.10.4-0.1mdvmes5.2.x86_64.rpm
 4c766c56d7e11b2aa6c4089d93c41a3e 
mes5/x86_64/pidgin-meanwhile-2.10.4-0.1mdvmes5.2.x86_64.rpm
 a688528aafafdcdb1033dd3a28b2df70 
mes5/x86_64/pidgin-perl-2.10.4-0.1mdvmes5.2.x86_64.rpm
 fab9bbd6ad53f66c93ce0d8ce76c9ea5 
mes5/x86_64/pidgin-plugins-2.10.4-0.1mdvmes5.2.x86_64.rpm
 68f561d5573ec899fbc150a2e2b6db8b 
mes5/x86_64/pidgin-silc-2.10.4-0.1mdvmes5.2.x86_64.rpm
 73feee59eeec17b84b028ba600874bfd 
mes5/x86_64/pidgin-tcl-2.10.4-0.1mdvmes5.2.x86_64.rpm 
 c629adfa2d43585105be933466e6d366 
mes5/SRPMS/pidgin-2.10.4-0.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPw4OemqjQ0CJFipgRAlkLAJ4s5jNQkDp07qoeBOJnXs5CpjO54QCfec5Z
Puo+VFqX6322lldU1NTlMZk=
=jEk/
-----END PGP SIGNATURE-----