Uočen je sigurnosni propust programskog paketa pidgin. Udaljeni napadač može iskoristiti spomenuti nedostatak za pokretanje proizvoljnog programskog koda.
| Paket: | pidgin 2.x |
| Operacijski sustavi: | Mandriva Linux 2011, Mandriva Linux Enterprise Server 5.0 |
| Problem: | preljev međuspremnika |
| Iskorištavanje: | udaljeno |
| Posljedica: | proizvoljno izvršavanje programskog koda |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2012-3374 |
| Izvorni ID preporuke: | MDVSA-2012:105 |
| Izvor: | Mandriva |
| Problem: | |
| Propust je posljedica preljeva međuspremnika u datoteci "markup.c" uslijed nepravilne obrade slika koje se nalaze u istoj razini s tekstom. |
|
| Posljedica: | |
| Udaljeni napadač može iskoristiti navedeni propust za pokretanje proizvoljnog programskog koda. |
|
| Rješenje: | |
| Svim korisnicima se savjetuje korištenje službene programske nadogradnje. |
|
Izvorni tekst preporuke
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:105
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pidgin
Date : July 12, 2012
Affected: 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in pidgin:
Incorrect handing of inline images in incoming instant messages can
cause a buffer overflow and in some cases can be exploited to execute
arbitrary code (CVE-2012-3374).
This update provides pidgin 2.10.6, which is not vulnerable to
this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3374
http://www.pidgin.im/news/security/
http://pidgin.im/news/security/?id=64
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2011:
f7e80d172c6ff75bef0a079589f17a1b
2011/i586/finch-2.10.6-0.1-mdv2011.0.i586.rpm
9c75f2f1b17effeaaaf710463875a473
2011/i586/libfinch0-2.10.6-0.1-mdv2011.0.i586.rpm
d4db21d9df134c4f11b08707b77707e1
2011/i586/libpurple0-2.10.6-0.1-mdv2011.0.i586.rpm
a889ba0e001bee7af11f6009e3562215
2011/i586/libpurple-devel-2.10.6-0.1-mdv2011.0.i586.rpm
2b72382164f8fd402f0b460c82c56959
2011/i586/pidgin-2.10.6-0.1-mdv2011.0.i586.rpm
759ae3b3f5929db50d9aef394d949605
2011/i586/pidgin-bonjour-2.10.6-0.1-mdv2011.0.i586.rpm
54296635ba1a6177f5b41763cbe60a71
2011/i586/pidgin-client-2.10.6-0.1-mdv2011.0.i586.rpm
a9da5bc76e3386b7fd523e3399b76913
2011/i586/pidgin-gevolution-2.10.6-0.1-mdv2011.0.i586.rpm
8b2b02aa62ff5263847946efb42c7b35
2011/i586/pidgin-i18n-2.10.6-0.1-mdv2011.0.i586.rpm
86c69bb304cebd8b68a5c4f72c910ac7
2011/i586/pidgin-meanwhile-2.10.6-0.1-mdv2011.0.i586.rpm
423b5de6a52df201b49bad1084abe911
2011/i586/pidgin-perl-2.10.6-0.1-mdv2011.0.i586.rpm
74c109b3d3656734e8faf4601aadba38
2011/i586/pidgin-plugins-2.10.6-0.1-mdv2011.0.i586.rpm
f441239c240d79e4ef35af71f215257a
2011/i586/pidgin-silc-2.10.6-0.1-mdv2011.0.i586.rpm
46739077bff4833ad182dc40795aadff
2011/i586/pidgin-tcl-2.10.6-0.1-mdv2011.0.i586.rpm
e8a07df63c3f2a450a4b45eb95cb9fd4 2011/SRPMS/pidgin-2.10.6-0.1.src.rpm
Mandriva Linux 2011/X86_64:
2d9874e00deb28593b98a4b63a11fc95
2011/x86_64/finch-2.10.6-0.1-mdv2011.0.x86_64.rpm
fe7d3656599ec27b78c31be4dfb68441
2011/x86_64/lib64finch0-2.10.6-0.1-mdv2011.0.x86_64.rpm
b7a208f00fe6b2e53f9bd2c12522c24c
2011/x86_64/lib64purple0-2.10.6-0.1-mdv2011.0.x86_64.rpm
66025c20289c6b2217319dda95a198e9
2011/x86_64/lib64purple-devel-2.10.6-0.1-mdv2011.0.x86_64.rpm
cfff0a1ede9098cf357118b10b92f2d0
2011/x86_64/pidgin-2.10.6-0.1-mdv2011.0.x86_64.rpm
88af560635a40fcd409b3220b954e310
2011/x86_64/pidgin-bonjour-2.10.6-0.1-mdv2011.0.x86_64.rpm
6a9f611ae694f7694548f6f0c9ff50c6
2011/x86_64/pidgin-client-2.10.6-0.1-mdv2011.0.x86_64.rpm
7d40804aed23ddb0e5cd97c9e49f1c9e
2011/x86_64/pidgin-gevolution-2.10.6-0.1-mdv2011.0.x86_64.rpm
36987a95485088a304c6eb690dd0ff9e
2011/x86_64/pidgin-i18n-2.10.6-0.1-mdv2011.0.x86_64.rpm
bb8008b19912728181c2f38750ccc3dd
2011/x86_64/pidgin-meanwhile-2.10.6-0.1-mdv2011.0.x86_64.rpm
b5810dfdc498eb7c04745b15570796a0
2011/x86_64/pidgin-perl-2.10.6-0.1-mdv2011.0.x86_64.rpm
accbd9be402022dff0b5a06bdd5728c1
2011/x86_64/pidgin-plugins-2.10.6-0.1-mdv2011.0.x86_64.rpm
7e32481fb83772a7db9258cb93bc9054
2011/x86_64/pidgin-silc-2.10.6-0.1-mdv2011.0.x86_64.rpm
610c85d510ed29a36b87789628614c84
2011/x86_64/pidgin-tcl-2.10.6-0.1-mdv2011.0.x86_64.rpm
e8a07df63c3f2a450a4b45eb95cb9fd4 2011/SRPMS/pidgin-2.10.6-0.1.src.rpm
Mandriva Enterprise Server 5:
c196053127a5d88a98d3fa631bfcc256 mes5/i586/finch-2.10.6-0.1mdvmes5.2.i586.rpm
2453d8f1af8aa146d464337614ae0977
mes5/i586/libfinch0-2.10.6-0.1mdvmes5.2.i586.rpm
b16a875e4ae467a4930b9e3bd3789317
mes5/i586/libpurple0-2.10.6-0.1mdvmes5.2.i586.rpm
d6a3ed842d2f37d9bbdb166935b61802
mes5/i586/libpurple-devel-2.10.6-0.1mdvmes5.2.i586.rpm
35f1e22da342cfed18b827a0c7434f38
mes5/i586/pidgin-2.10.6-0.1mdvmes5.2.i586.rpm
bb71bb14fc009fb8246f8bd6bbd93491
mes5/i586/pidgin-bonjour-2.10.6-0.1mdvmes5.2.i586.rpm
ff038b482916d9496c39c3c9ff1dc5f3
mes5/i586/pidgin-client-2.10.6-0.1mdvmes5.2.i586.rpm
3e4740561caaa1d3d3daac49b4f5a4fb
mes5/i586/pidgin-gevolution-2.10.6-0.1mdvmes5.2.i586.rpm
3aed37790a68c8e7d4f7390751254f0a
mes5/i586/pidgin-i18n-2.10.6-0.1mdvmes5.2.i586.rpm
3cb0495fdf8b600fdaf662d11b5ce0a8
mes5/i586/pidgin-meanwhile-2.10.6-0.1mdvmes5.2.i586.rpm
4def3f67bb7c153fd4f3053d129f7676
mes5/i586/pidgin-perl-2.10.6-0.1mdvmes5.2.i586.rpm
bf772b21bb3bfd378beba9418104c9d7
mes5/i586/pidgin-plugins-2.10.6-0.1mdvmes5.2.i586.rpm
62a87b9117c03ff5163e5e6adbd06a65
mes5/i586/pidgin-silc-2.10.6-0.1mdvmes5.2.i586.rpm
6c1d1a4e7eddaf5fa70883cc37807c22
mes5/i586/pidgin-tcl-2.10.6-0.1mdvmes5.2.i586.rpm
a4137ed972c18c6345b772c4adf0ac77
mes5/SRPMS/pidgin-2.10.6-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
458a2546e5857aa5d332edc97de703c1
mes5/x86_64/finch-2.10.6-0.1mdvmes5.2.x86_64.rpm
757f2a910addcfd1c4cdc600c1516921
mes5/x86_64/lib64finch0-2.10.6-0.1mdvmes5.2.x86_64.rpm
3606e6640904682fce39b5fa27325b72
mes5/x86_64/lib64purple0-2.10.6-0.1mdvmes5.2.x86_64.rpm
5d32abf19c6064d9df5a4703d1eb9762
mes5/x86_64/lib64purple-devel-2.10.6-0.1mdvmes5.2.x86_64.rpm
3131b75bdc3af6b33008bed94641784e
mes5/x86_64/pidgin-2.10.6-0.1mdvmes5.2.x86_64.rpm
23572b084883487d9a273df77b38485b
mes5/x86_64/pidgin-bonjour-2.10.6-0.1mdvmes5.2.x86_64.rpm
c1bdb0a73a5326122380a6d0e9acba88
mes5/x86_64/pidgin-client-2.10.6-0.1mdvmes5.2.x86_64.rpm
132314113d06f073c0683d4c97657959
mes5/x86_64/pidgin-gevolution-2.10.6-0.1mdvmes5.2.x86_64.rpm
5b35a7b1173c6cda450fb9f0c4bc2cd3
mes5/x86_64/pidgin-i18n-2.10.6-0.1mdvmes5.2.x86_64.rpm
75a5d162bebc87b9b7c60a7100de4ea1
mes5/x86_64/pidgin-meanwhile-2.10.6-0.1mdvmes5.2.x86_64.rpm
773dea78ac849a0cfea52c21f104f5bc
mes5/x86_64/pidgin-perl-2.10.6-0.1mdvmes5.2.x86_64.rpm
223cf7a77f11f00be346cb4e5d9017fc
mes5/x86_64/pidgin-plugins-2.10.6-0.1mdvmes5.2.x86_64.rpm
ecb7c1f5fed5b00214dbc28f9b8ac187
mes5/x86_64/pidgin-silc-2.10.6-0.1mdvmes5.2.x86_64.rpm
b19c8fb427ad2ea9eceb0bf902a85a35
mes5/x86_64/pidgin-tcl-2.10.6-0.1mdvmes5.2.x86_64.rpm
a4137ed972c18c6345b772c4adf0ac77
mes5/SRPMS/pidgin-2.10.6-0.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFP/s0RmqjQ0CJFipgRAkwQAKDWrB043Mil6ss0kz5zQw+6zhJojwCgpiyi
CzwtQSPDkmLinBR5FO7/WK8=
=F21j
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke