Package name: pidgin
Date: 2011-09-17
Advisory ID: MDVSA-2011:132-1
Affected versions: 2011 i586, 2011 x86_64

Problem description

Multiple vulnerabilities have been identified and fixed in pidgin:

It was found that the gdk-pixbuf GIF image loader routine
gdk_pixbuf__gif_image_load() did not properly handle certain return
values from its subroutines. A remote attacker could provide a
specially-crafted GIF image, which, once opened in Pidgin, would lead
gdk-pixbuf to return a partially initialized pixbuf structure. Using
this structure, possibly containing a huge width and height, could
lead to the application being terminated due to excessive memory use
(CVE-2011-2485).
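
The failure class described above, shown as an added example that is not code from gdk-pixbuf, Pidgin or this advisory: a loader that checks its subroutine's return value and bounds the image dimensions before allocating, so it never hands back a partially initialized structure. The names image_t, read_screen_size, load_image, free_image and the MAX_PIXELS cap are assumptions made for illustration, and the sample headers are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; not gdk-pixbuf or Pidgin code. */
#define MAX_PIXELS (64u * 1024u * 1024u)   /* assumed policy cap: 64 Mpx */

typedef struct { uint32_t width, height; unsigned char *pixels; } image_t;

/* Subroutine: read the GIF logical screen size (bytes 6..9, little-endian).
 * Returns 0 on success, -1 if the header is short or not a GIF. */
static int read_screen_size(const unsigned char *buf, size_t len, image_t *img)
{
    if (len < 10 || (memcmp(buf, "GIF87a", 6) && memcmp(buf, "GIF89a", 6)))
        return -1;
    img->width  = buf[6] | (uint32_t)buf[7] << 8;
    img->height = buf[8] | (uint32_t)buf[9] << 8;
    return 0;
}

/* Loader: every failure path frees the structure and returns NULL, so the
 * caller never receives one with unset or implausible width and height. */
image_t *load_image(const unsigned char *buf, size_t len)
{
    image_t *img = calloc(1, sizeof *img);       /* zeroed, never garbage */
    if (!img) return NULL;
    if (read_screen_size(buf, len, img) != 0) goto fail;  /* check the return */
    if (img->width == 0 || img->height == 0) goto fail;
    if ((uint64_t)img->width * img->height > MAX_PIXELS) goto fail;
    img->pixels = calloc((size_t)img->width * img->height, 4);   /* RGBA */
    if (!img->pixels) goto fail;
    return img;
fail:
    free(img);
    return NULL;
}

void free_image(image_t *img) { if (img) { free(img->pixels); free(img); } }

int main(void)
{
    /* Constructed 10-byte headers: a 16x8 image and a 65535x65535 one. */
    const unsigned char ok[]   = {'G','I','F','8','9','a', 16,0, 8,0};
    const unsigned char huge[] = {'G','I','F','8','9','a', 0xFF,0xFF, 0xFF,0xFF};
    image_t *a = load_image(ok, sizeof ok);
    image_t *b = load_image(huge, sizeof huge);
    int rc = (a != NULL && b == NULL) ? 0 : 1;   /* small accepted, huge refused */
    free_image(a); free_image(b);
    return rc;
}
```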

Certain characters in the nicknames of IRC users can trigger a
null pointer dereference in the IRC protocol plugin's handling of
responses to WHO requests. This can cause a crash on some operating
systems. Clients based on libpurple 2.8.0 through 2.9.0 are affected
(CVE-2011-2943).

Incorrect handling of HTTP 100 responses in the MSN protocol plugin
can cause the application to attempt to access memory that it does
not have access to. This only affects users who have turned on the
HTTP connection method for their accounts (it's off by default). This
might only be triggerable by a malicious server and not a malicious
peer. We believe remote code execution is not possible (CVE-2011-3184).

This update provides pidgin 2.10.0, which is not vulnerable to
these issues.

Update:

Packages for Mandriva Linux 2011 are now being provided as well. Enjoy!

Updated packages

2011 i586

 f30d9eb8784ecc490e9267a3afd9681d  2011/i586/finch-2.10.0-0.1-mdv2011.0.i586.rpm
 c3cef6e7db660c78a52241d427fe67c6  2011/i586/libfinch0-2.10.0-0.1-mdv2011.0.i586.rpm
 b1bda00d68d706954d0a23ff13053bbe  2011/i586/libpurple0-2.10.0-0.1-mdv2011.0.i586.rpm
 b1e05edaa2a234697a8618da370a5eba  2011/i586/libpurple-devel-2.10.0-0.1-mdv2011.0.i586.rpm
 e8a6321eabf0e88b13a7121e06f88588  2011/i586/pidgin-2.10.0-0.1-mdv2011.0.i586.rpm
 df8b6157762c34972b26959e9e0b8670  2011/i586/pidgin-bonjour-2.10.0-0.1-mdv2011.0.i586.rpm
 323307becdb33612085c108356de0fe0  2011/i586/pidgin-client-2.10.0-0.1-mdv2011.0.i586.rpm
 4ff033d530ce6925dc5c3c9516f0f71e  2011/i586/pidgin-gevolution-2.10.0-0.1-mdv2011.0.i586.rpm
 e7282726de99c169675a927ee87e318d  2011/i586/pidgin-i18n-2.10.0-0.1-mdv2011.0.i586.rpm
 5b0d0784b39a4fb7fb179e5083a4f0f6  2011/i586/pidgin-meanwhile-2.10.0-0.1-mdv2011.0.i586.rpm
 0f3fbed0cdbb0cb9c0d8621d821d34c8  2011/i586/pidgin-perl-2.10.0-0.1-mdv2011.0.i586.rpm
 9117f4f6cd51b274ebfe32b8df1355fb  2011/i586/pidgin-plugins-2.10.0-0.1-mdv2011.0.i586.rpm
 da47178daab129eac1b2d334330ebe9b  2011/i586/pidgin-silc-2.10.0-0.1-mdv2011.0.i586.rpm
 c694a44d5051390026fa75b7b71ad0a8  2011/i586/pidgin-tcl-2.10.0-0.1-mdv2011.0.i586.rpm 
 c33eef6270b588ee33df4ddaa968eab3  2011/SRPMS/pidgin-2.10.0-0.1.src.rpm

2011 x86_64

 7cd751354229ed6dec93d7ec652758f7  2011/x86_64/finch-2.10.0-0.1-mdv2011.0.x86_64.rpm
 14af8584523addd64e870ac6deb71bb6  2011/x86_64/lib64finch0-2.10.0-0.1-mdv2011.0.x86_64.rpm
 fb55c6c1c349145794147f4e5e855f63  2011/x86_64/lib64purple0-2.10.0-0.1-mdv2011.0.x86_64.rpm
 676eea02b713243dd259edac8260eaaf  2011/x86_64/lib64purple-devel-2.10.0-0.1-mdv2011.0.x86_64.rpm
 de0cda6937539b552c605bb02547a606  2011/x86_64/pidgin-2.10.0-0.1-mdv2011.0.x86_64.rpm
 c50b5acc263a44cfcfde9aba892aefb8  2011/x86_64/pidgin-bonjour-2.10.0-0.1-mdv2011.0.x86_64.rpm
 95445621358bebfe246778e3195bd496  2011/x86_64/pidgin-client-2.10.0-0.1-mdv2011.0.x86_64.rpm
 d32ef3d0c5f3e030dfe931cc11fcd0e5  2011/x86_64/pidgin-gevolution-2.10.0-0.1-mdv2011.0.x86_64.rpm
 65ba1b2ee488d746fa45568d08f1ec6d  2011/x86_64/pidgin-i18n-2.10.0-0.1-mdv2011.0.x86_64.rpm
 371e329ab6aa9f90131b37d971bb0520  2011/x86_64/pidgin-meanwhile-2.10.0-0.1-mdv2011.0.x86_64.rpm
 2956fd8520f7a92cff7345d85b71f6a3  2011/x86_64/pidgin-perl-2.10.0-0.1-mdv2011.0.x86_64.rpm
 11c8e87c57ecbee206b18e94dd2b0e7a  2011/x86_64/pidgin-plugins-2.10.0-0.1-mdv2011.0.x86_64.rpm
 e1bf5b177d8f0c2e2107702dc14d55e5  2011/x86_64/pidgin-silc-2.10.0-0.1-mdv2011.0.x86_64.rpm
 79fbeed99bac330be3028501122997af  2011/x86_64/pidgin-tcl-2.10.0-0.1-mdv2011.0.x86_64.rpm 
 c33eef6270b588ee33df4ddaa968eab3  2011/SRPMS/pidgin-2.10.0-0.1.src.rpm

References