Package name: pidgin
Date: 2010-01-11
Advisory ID: MDVSA-2010:001
Affected versions: MES5 i586, 2009.1 i586, 2009.1 x86_64, 2008.0 x86_64, 2008.0 i586, MES5 x86_64

Problem description

Security vulnerabilities have been identified and fixed in pidgin:

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium
before 1.3.7 allows remote attackers to cause a denial of service
(application crash) via crafted contact-list data for (1) ICQ and
possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615).

Directory traversal vulnerability in slp.c in the MSN protocol
plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows
remote attackers to read arbitrary files via a .. (dot dot) in an
application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request,
a related issue to CVE-2004-0122. NOTE: it could be argued that
this is resultant from a vulnerability in which an emoticon download
request is processed even without a preceding text/x-mms-emoticon
message that announced availability of the emoticon (CVE-2010-0013).
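
The two conditions named in the CVE-2010-0013 description, sketched as an added example (this is not libpurple's code and not the 2.6.5 patch): the requested emoticon name is never used as a path, and a request is served only for an emoticon that was announced beforehand. The struct, function names and sample entries are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record of emoticons this client has announced to the peer.
 * Entries are constructed sample data, not real libpurple paths. */
struct announced_smiley {
    const char *object_id;   /* identifier the peer may request */
    const char *local_path;  /* file chosen by the local user, never by the peer */
};

static const struct announced_smiley announced[] = {
    { "smiley-01", "/home/user/.purple/custom_smiley/a1.png" },
    { "smiley-02", "/home/user/.purple/custom_smiley/b2.png" },
};

/* Returns 1 only for a single path component: no separators, not "." or "..". */
int is_safe_component(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    for (const char *p = name; *p != '\0'; p++)
        if (*p == '/' || *p == '\\')
            return 0;
    return 1;
}

/* Maps a peer-supplied identifier to a local file, or NULL to refuse.
 * The identifier is only compared against the announced set; it is
 * never concatenated into a filesystem path. */
const char *resolve_smiley_request(const char *requested)
{
    if (!is_safe_component(requested))
        return NULL;
    for (size_t i = 0; i < sizeof announced / sizeof announced[0]; i++)
        if (strcmp(announced[i].object_id, requested) == 0)
            return announced[i].local_path;
    return NULL;  /* never announced: refuse even if the name looks harmless */
}

int main(void)
{
    const char *samples[] = { "smiley-01", "../../etc/passwd", "unannounced" };
    for (size_t i = 0; i < 3; i++)
        printf("%s -> %s\n", samples[i],
               resolve_smiley_request(samples[i]) ? "served" : "refused");
    return 0;
}
```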

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

This update provides pidgin 2.6.5, which is not vulnerable to these
issues.

Updated packages

References