MDVSA-2012:029

Nom du paquet

pidgin

Date

2012-03-16

Advisory ID

MDVSA-2012:029

Affected versions

MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64

Problem description

Multiple vulnerabilities has been discovered and corrected in pidgin:

The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin
before 2.10.2 allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) by changing a nickname
while in an XMPP chat room (CVE-2011-4939).

The msn_oim_report_to_user function in oim.c in the MSN protocol
plugin in libpurple in Pidgin before 2.10.2 allows remote servers to
cause a denial of service (application crash) via an OIM message that
lacks UTF-8 encoding (CVE-2012-1178).

This update provides pidgin 2.10.2, which is not vulnerable to
these issues.

Updated packages

MES5 i586

 98176bf2dc43db51bda56e352a932a31  mes5/i586/finch-2.10.2-0.1mdvmes5.2.i586.rpm
 3a3968095ec2913ae4804e402185973e  mes5/i586/libfinch0-2.10.2-0.1mdvmes5.2.i586.rpm
 afde08c26b239b655ca572e36e130225  mes5/i586/libpurple0-2.10.2-0.1mdvmes5.2.i586.rpm
 e1962de89b05b7030980b67eb8468112  mes5/i586/libpurple-devel-2.10.2-0.1mdvmes5.2.i586.rpm
 b86d63e64d1e7f6088f814e7ed7f750b  mes5/i586/pidgin-2.10.2-0.1mdvmes5.2.i586.rpm
 71858e3b063eb3069fb1f26b57842572  mes5/i586/pidgin-bonjour-2.10.2-0.1mdvmes5.2.i586.rpm
 9adf07b928e291b16009cd20a2948dca  mes5/i586/pidgin-client-2.10.2-0.1mdvmes5.2.i586.rpm
 c3f899d615f11a811da7b42e313b5727  mes5/i586/pidgin-gevolution-2.10.2-0.1mdvmes5.2.i586.rpm
 6d7840859c24f27bf365afd9985c248c  mes5/i586/pidgin-i18n-2.10.2-0.1mdvmes5.2.i586.rpm
 fcab90775cd1e9502f859503820838ff  mes5/i586/pidgin-meanwhile-2.10.2-0.1mdvmes5.2.i586.rpm
 c22fd1876ba641fa62c6f9b45cb5a761  mes5/i586/pidgin-perl-2.10.2-0.1mdvmes5.2.i586.rpm
 e6e5fd2457eaf4761caf82520a6b97e2  mes5/i586/pidgin-plugins-2.10.2-0.1mdvmes5.2.i586.rpm
 cac016b838884059b56d96b221e019f1  mes5/i586/pidgin-silc-2.10.2-0.1mdvmes5.2.i586.rpm
 1c7900f6d723b5f7dbf3043dc72fc06b  mes5/i586/pidgin-tcl-2.10.2-0.1mdvmes5.2.i586.rpm 
 5d7d088675ef2278ecd8abaecce60ea2  mes5/SRPMS/pidgin-2.10.2-0.1mdvmes5.2.src.rpm

2011 i586

 d43d0101f88ab54df4721b49bbfcbd47  2011/i586/finch-2.10.2-0.1-mdv2011.0.i586.rpm
 0cb536b1fb989b8706240a58ca01eb1c  2011/i586/libfinch0-2.10.2-0.1-mdv2011.0.i586.rpm
 10a39a3b20735cebdd268e8c94c66811  2011/i586/libpurple0-2.10.2-0.1-mdv2011.0.i586.rpm
 046ac86afa986a1e7dd7bae15a2e03c0  2011/i586/libpurple-devel-2.10.2-0.1-mdv2011.0.i586.rpm
 382300ecec41008daa5d31a875795fc8  2011/i586/pidgin-2.10.2-0.1-mdv2011.0.i586.rpm
 950290cc8a4a0788458d92f457aaab1e  2011/i586/pidgin-bonjour-2.10.2-0.1-mdv2011.0.i586.rpm
 b1d60f79d998fcbdd3cc00e03658a1c1  2011/i586/pidgin-client-2.10.2-0.1-mdv2011.0.i586.rpm
 ecd78ce4555ae2d022523c87c55454a4  2011/i586/pidgin-gevolution-2.10.2-0.1-mdv2011.0.i586.rpm
 ccc331d78938f4cc7e648cc7459444e4  2011/i586/pidgin-i18n-2.10.2-0.1-mdv2011.0.i586.rpm
 da7eae1f1bf161b87ea30cb3811486a6  2011/i586/pidgin-meanwhile-2.10.2-0.1-mdv2011.0.i586.rpm
 068f7a6d905007052fc5b3b80cec7c2f  2011/i586/pidgin-perl-2.10.2-0.1-mdv2011.0.i586.rpm
 abe2d9f54fd720cc5fe0b814f0676d75  2011/i586/pidgin-plugins-2.10.2-0.1-mdv2011.0.i586.rpm
 2aaef5a16d0da257e615a5a43f5cecfe  2011/i586/pidgin-silc-2.10.2-0.1-mdv2011.0.i586.rpm
 72e4b2d2fdc011993bd85c58deaa75c7  2011/i586/pidgin-tcl-2.10.2-0.1-mdv2011.0.i586.rpm 
 fb74b14c9e4d5bc8d1e0713e0e91d788  2011/SRPMS/pidgin-2.10.2-0.1.src.rpm

MES5 x86_64

 386eea89cf9212b8c39bf7c35f17aba4  mes5/x86_64/finch-2.10.2-0.1mdvmes5.2.x86_64.rpm
 72a3e88110705a28bfdaa2a983ffda93  mes5/x86_64/lib64finch0-2.10.2-0.1mdvmes5.2.x86_64.rpm
 a80684b67e6873757895b8f19ffd0b58  mes5/x86_64/lib64purple0-2.10.2-0.1mdvmes5.2.x86_64.rpm
 df45736b7a7f6874545ac0e21c8ab654  mes5/x86_64/lib64purple-devel-2.10.2-0.1mdvmes5.2.x86_64.rpm
 48c2332c458fc7eb09c09e3b9aa489fa  mes5/x86_64/pidgin-2.10.2-0.1mdvmes5.2.x86_64.rpm
 55f50f19e45c40201221c4fc974a1bcc  mes5/x86_64/pidgin-bonjour-2.10.2-0.1mdvmes5.2.x86_64.rpm
 a2ef0a13cdf19b49bfb255128618c451  mes5/x86_64/pidgin-client-2.10.2-0.1mdvmes5.2.x86_64.rpm
 81938c1e9ded10b9529f2bfc481bfa3c  mes5/x86_64/pidgin-gevolution-2.10.2-0.1mdvmes5.2.x86_64.rpm
 bbce183143e426c03a91e58e49880c24  mes5/x86_64/pidgin-i18n-2.10.2-0.1mdvmes5.2.x86_64.rpm
 0899857f03f5ea37a27f55d8cf5dcc05  mes5/x86_64/pidgin-meanwhile-2.10.2-0.1mdvmes5.2.x86_64.rpm
 962492864ecd5dd982761ce511de10aa  mes5/x86_64/pidgin-perl-2.10.2-0.1mdvmes5.2.x86_64.rpm
 47d1c889595cb334cf4259c909c04c66  mes5/x86_64/pidgin-plugins-2.10.2-0.1mdvmes5.2.x86_64.rpm
 f47e860c64fa593d1e2ee45631b36e04  mes5/x86_64/pidgin-silc-2.10.2-0.1mdvmes5.2.x86_64.rpm
 cd28db4b2d38e3ccc760572b3cb5fcb3  mes5/x86_64/pidgin-tcl-2.10.2-0.1mdvmes5.2.x86_64.rpm 
 5d7d088675ef2278ecd8abaecce60ea2  mes5/SRPMS/pidgin-2.10.2-0.1mdvmes5.2.src.rpm

2011 x86_64

 9a4bf7e801d1a9cad6466e94b4be3fd0  2011/x86_64/finch-2.10.2-0.1-mdv2011.0.x86_64.rpm
 cc101bd802e81b630e18053a762ef57b  2011/x86_64/lib64finch0-2.10.2-0.1-mdv2011.0.x86_64.rpm
 753668f3396efa4269f01a31a72761bb  2011/x86_64/lib64purple0-2.10.2-0.1-mdv2011.0.x86_64.rpm
 54c16e684f7e237973bc8a4a75671997  2011/x86_64/lib64purple-devel-2.10.2-0.1-mdv2011.0.x86_64.rpm
 c67c0bdd52aa429529f8911ac84f60d3  2011/x86_64/pidgin-2.10.2-0.1-mdv2011.0.x86_64.rpm
 ee7d7717c71119cce8f3bba710a15406  2011/x86_64/pidgin-bonjour-2.10.2-0.1-mdv2011.0.x86_64.rpm
 7f84358dabcc9578beabe1d9a2d8c6d9  2011/x86_64/pidgin-client-2.10.2-0.1-mdv2011.0.x86_64.rpm
 b3f464a55d023e09101faa975aa279f6  2011/x86_64/pidgin-gevolution-2.10.2-0.1-mdv2011.0.x86_64.rpm
 ca70e67fc54f0abb959b7e5b32a17ae5  2011/x86_64/pidgin-i18n-2.10.2-0.1-mdv2011.0.x86_64.rpm
 3ec278a284fa7e9e8c108dde9237c84a  2011/x86_64/pidgin-meanwhile-2.10.2-0.1-mdv2011.0.x86_64.rpm
 2160d440723ccd0146fdf73d080d9487  2011/x86_64/pidgin-perl-2.10.2-0.1-mdv2011.0.x86_64.rpm
 0da3d45908d0ff4f56d9257603a9b05d  2011/x86_64/pidgin-plugins-2.10.2-0.1-mdv2011.0.x86_64.rpm
 11461747aed93ec09971c3aaddc2a1dc  2011/x86_64/pidgin-silc-2.10.2-0.1-mdv2011.0.x86_64.rpm
 4f0f6e4a042ba2de61d36f0b7a5e6ee8  2011/x86_64/pidgin-tcl-2.10.2-0.1-mdv2011.0.x86_64.rpm 
 fb74b14c9e4d5bc8d1e0713e0e91d788  2011/SRPMS/pidgin-2.10.2-0.1.src.rpm

References

• http://pidgin.im/news/security/?id=60
• http://www.pidgin.im/news/security/
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1178
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4939
• http://pidgin.im/news/security/?id=61