Package name
pidgin
Date
2009-12-06
Advisory ID
MDVSA-2009:321
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

Security vulnerabilities has been identified and fixed in pidgin:

The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL
certificates, which makes it easier for remote attackers to trick
a user into accepting an invalid server certificate for a spoofed
service. (CVE-2008-3532)

Pidgin 2.4.1 allows remote attackers to cause a denial of service
(crash) via a long filename that contains certain characters, as
demonstrated using an MSN message that triggers the crash in the
msn_slplink_process_msg function. (CVE-2008-2955)

The UPnP functionality in Pidgin 2.0.0, and possibly other versions,
allows remote attackers to trigger the download of arbitrary files
and cause a denial of service (memory or disk consumption) via a UDP
packet that specifies an arbitrary URL. (CVE-2008-2957)

Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin
(formerly Gaim) before 2.5.6 allows remote authenticated users to
execute arbitrary code via vectors involving an outbound XMPP file
transfer. NOTE: some of these details are obtained from third party
information (CVE-2009-1373).

Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim)
before 2.5.6 allows remote attackers to cause a denial of service
(application crash) via a QQ packet (CVE-2009-1374).

The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before
2.5.6 does not properly maintain a certain buffer, which allows
remote attackers to cause a denial of service (memory corruption
and application crash) via vectors involving the (1) XMPP or (2)
Sametime protocol (CVE-2009-1375).

Multiple integer overflows in the msn_slplink_process_msg functions in
the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and
(2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim)
before 2.5.6 on 32-bit platforms allow remote attackers to execute
arbitrary code via a malformed SLP message with a crafted offset
value, leading to buffer overflows. NOTE: this issue exists because
of an incomplete fix for CVE-2008-2927 (CVE-2009-1376).

The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets
the ICQWebMessage message type as the ICQSMS message type, which
allows remote attackers to cause a denial of service (application
crash) via a crafted ICQ web message that triggers allocation of a
large amount of memory (CVE-2009-1889).

The msn_slplink_process_msg function in
libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin
(formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) by sending multiple crafted
SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary
memory location. NOTE: this issue reportedly exists because of an
incomplete fix for CVE-2009-1376 (CVE-2009-2694).

Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers
to cause a denial of service (crash) via a link in a Yahoo IM
(CVE-2009-3025)

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly
other versions, does not follow the require TLS/SSL preference
when connecting to older Jabber servers that do not follow the XMPP
specification, which causes libpurple to connect to the server without
the expected encryption and allows remote attackers to sniff sessions
(CVE-2009-3026).

libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple
in Pidgin before 2.6.2 allows remote IRC servers to cause a denial
of service (NULL pointer dereference and application crash) via a
TOPIC message that lacks a topic string (CVE-2009-2703).

The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the
MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote
attackers to cause a denial of service (NULL pointer dereference
and application crash) via an SLP invite message that lacks certain
required fields, as demonstrated by a malformed message from a KMess
client (CVE-2009-3083).

The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c
in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in
Pidgin before 2.6.2, allows remote attackers to cause a denial of
service (application crash) via a handwritten (aka Ink) message,
related to an uninitialized variable and the incorrect UTF16-LE
charset name (CVE-2009-3084).

The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does
not properly handle an error IQ stanza during an attempted fetch of
a custom smiley, which allows remote attackers to cause a denial of
service (application crash) via XHTML-IM content with cid: images
(CVE-2009-3085).

This update provides pidgin 2.6.2, which is not vulnerable to these
issues.

Updated packages

2008.0 i586

 e689b143ca593c49c1954a42f351dec1  2008.0/i586/finch-2.6.2-0.1mdv2008.0.i586.rpm
 3d5f88bb7cd0b3e5596e02760c182169  2008.0/i586/libfinch0-2.6.2-0.1mdv2008.0.i586.rpm
 8e55d77f7cb8c6907739a38b49e9b2a4  2008.0/i586/libpurple0-2.6.2-0.1mdv2008.0.i586.rpm
 d2419f4c7ae2e8f3b7ef0d971db1aa9e  2008.0/i586/libpurple-devel-2.6.2-0.1mdv2008.0.i586.rpm
 1f0b2327e8d8585e1628e95fb95b8f1f  2008.0/i586/pidgin-2.6.2-0.1mdv2008.0.i586.rpm
 f5d4a2f7ee6257de2051419a2ef74170  2008.0/i586/pidgin-bonjour-2.6.2-0.1mdv2008.0.i586.rpm
 7685fcc80fbd3fabe86ce3d5f05b5cdb  2008.0/i586/pidgin-client-2.6.2-0.1mdv2008.0.i586.rpm
 e8b7bcc521d6300673a242866938b002  2008.0/i586/pidgin-gevolution-2.6.2-0.1mdv2008.0.i586.rpm
 e2c88e96a1c0cee77fc70508ccd2c70b  2008.0/i586/pidgin-i18n-2.6.2-0.1mdv2008.0.i586.rpm
 c30173a970503943343566d4f2cf301e  2008.0/i586/pidgin-meanwhile-2.6.2-0.1mdv2008.0.i586.rpm
 baeb7aa1acbaead9894b91a0aecc08de  2008.0/i586/pidgin-mono-2.6.2-0.1mdv2008.0.i586.rpm
 b25cf481dccfa9ca7d80fb1467d2660e  2008.0/i586/pidgin-perl-2.6.2-0.1mdv2008.0.i586.rpm
 dd7cf20fc74574228f31041d35e1ab66  2008.0/i586/pidgin-plugins-2.6.2-0.1mdv2008.0.i586.rpm
 b767e2f9176a5d019e33f4b5c67d70c8  2008.0/i586/pidgin-silc-2.6.2-0.1mdv2008.0.i586.rpm
 73f3f1b07a4fec717156bdd570c08218  2008.0/i586/pidgin-tcl-2.6.2-0.1mdv2008.0.i586.rpm 
 31343284647509cf77b6a238ae71573f  2008.0/SRPMS/pidgin-2.6.2-0.1mdv2008.0.src.rpm

2008.0 x86_64

 1466474428fcfbe6c9cc915230644c81  2008.0/x86_64/finch-2.6.2-0.1mdv2008.0.x86_64.rpm
 9e5dcbf4a1c6fef3c2b2a18959af98bf  2008.0/x86_64/lib64finch0-2.6.2-0.1mdv2008.0.x86_64.rpm
 bce8e0800fb41de6384a1e71b6777d3a  2008.0/x86_64/lib64purple0-2.6.2-0.1mdv2008.0.x86_64.rpm
 fe365356c28c3f4e9f1581f2e34d6c4a  2008.0/x86_64/lib64purple-devel-2.6.2-0.1mdv2008.0.x86_64.rpm
 41023f5c93b3984fb02838f153f80d27  2008.0/x86_64/pidgin-2.6.2-0.1mdv2008.0.x86_64.rpm
 40b4fa6b0e304dbe08b8088c2b601c2d  2008.0/x86_64/pidgin-bonjour-2.6.2-0.1mdv2008.0.x86_64.rpm
 dfa9b041ebac164400edc4ce77a9055b  2008.0/x86_64/pidgin-client-2.6.2-0.1mdv2008.0.x86_64.rpm
 33a1243f7481cdde117ab1c5e77933e4  2008.0/x86_64/pidgin-gevolution-2.6.2-0.1mdv2008.0.x86_64.rpm
 baf2e28e00335329637224b34f3b10f2  2008.0/x86_64/pidgin-i18n-2.6.2-0.1mdv2008.0.x86_64.rpm
 fbec0ef4148efcc7903841acb4262a7d  2008.0/x86_64/pidgin-meanwhile-2.6.2-0.1mdv2008.0.x86_64.rpm
 007d6ceb35a1876146d6a080d701e2cc  2008.0/x86_64/pidgin-mono-2.6.2-0.1mdv2008.0.x86_64.rpm
 daa1bb586b4f8af231f3fbbedbdc67cb  2008.0/x86_64/pidgin-perl-2.6.2-0.1mdv2008.0.x86_64.rpm
 a17b42e7d8909f64849aa2dbfddff5b3  2008.0/x86_64/pidgin-plugins-2.6.2-0.1mdv2008.0.x86_64.rpm
 b71b668bfda4e72efa4046faadeb6514  2008.0/x86_64/pidgin-silc-2.6.2-0.1mdv2008.0.x86_64.rpm
 92fa40d38b6c7db8217deb2465c33eb9  2008.0/x86_64/pidgin-tcl-2.6.2-0.1mdv2008.0.x86_64.rpm 
 31343284647509cf77b6a238ae71573f  2008.0/SRPMS/pidgin-2.6.2-0.1mdv2008.0.src.rpm

References