USN-902-1: Pidgin vulnerabilities

http://www.ubuntu.com

Referenced CVEs: CVE-2010-0277, CVE-2010-0420, CVE-2010-0423

Description:

===========================================================
Ubuntu Security Notice USN-902-1          February 22, 2010
pidgin vulnerabilities
CVE-2010-0277, CVE-2010-0420, CVE-2010-0423
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  pidgin                          1:2.4.1-1ubuntu2.9

Ubuntu 8.10:
  pidgin                          1:2.5.2-0ubuntu1.7

Ubuntu 9.04:
  pidgin                          1:2.5.5-1ubuntu8.6

Ubuntu 9.10:
  pidgin                          1:2.6.2-1ubuntu7.2

After a standard system upgrade you need to restart Pidgin to effect
the necessary changes.

Details follow:

Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of
an incoming message in the MSN protocol handler. A remote attacker could
send a specially crafted message and cause Pidgin to crash, leading to a
denial of service. (CVE-2010-0277)

Sadrul Habib Chowdhury discovered that Pidgin incorrectly handled certain
nicknames in Finch group chat rooms. A remote attacker could use a
specially crafted nickname and cause Pidgin to crash, leading to a denial
of service. (CVE-2010-0420)

Antti Hayrynen discovered that Pidgin incorrectly handled large numbers of
smileys. A remote attacker could send a specially crafted message and cause
Pidgin to become unresponsive, leading to a denial of service.
(CVE-2010-0423)
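To confirm that a host has the corrected package, the installed pidgin version can be compared against the fixed versions listed in the notice. The script below is an added example, not part of the Ubuntu advisory; the function names and status strings are assumptions, and it relies on the standard `dpkg`, `dpkg-query` and `lsb_release` tools.

```shell
#!/bin/sh
# Added example (not from the advisory): check a host against USN-902-1.
# Function names and status strings are illustrative assumptions.

# Fixed pidgin version per Ubuntu release, copied from the notice.
fixed_version() {
    case "$1" in
        8.04) echo "1:2.4.1-1ubuntu2.9" ;;
        8.10) echo "1:2.5.2-0ubuntu1.7" ;;
        9.04) echo "1:2.5.5-1ubuntu8.6" ;;
        9.10) echo "1:2.6.2-1ubuntu7.2" ;;
        *)    return 1 ;;   # release not listed in USN-902-1
    esac
}

# usn902_status RELEASE INSTALLED_VERSION
# Prints one of: patched | vulnerable | not-installed | not-covered
usn902_status() {
    release=$1
    installed=$2
    fixed=$(fixed_version "$release") || { echo "not-covered"; return 0; }
    [ -n "$installed" ] || { echo "not-installed"; return 0; }
    # dpkg applies Debian ordering rules (epoch, upstream, revision),
    # which a plain string or numeric comparison would get wrong.
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Check the local host: read the release number and installed version.
usn902_check_host() {
    release=$(lsb_release -rs 2>/dev/null || true)
    installed=$(dpkg-query -W -f='${Version}' pidgin 2>/dev/null || true)
    echo "pidgin on Ubuntu ${release:-unknown}: $(usn902_status "$release" "$installed")"
}

usn902_check_host
```

A `patched` result only describes the package on disk; as the notice states, Pidgin must be restarted before the fix takes effect.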