USN-820-1: Pidgin vulnerability
Posted on: 08/20/2009 04:40 PM

A new Pidgin vulnerability update is available for Ubuntu Linux. Here is the announcement:

Ubuntu Security Notice USN-820-1 August 20, 2009
pidgin vulnerability
CVE-2009-2694
=============================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
pidgin 1:2.4.1-1ubuntu2.6

Ubuntu 8.10:
pidgin 1:2.5.2-0ubuntu1.4

Ubuntu 9.04:
pidgin 1:2.5.5-1ubuntu8.4

After a standard system upgrade you need to restart Pidgin to effect the
necessary changes.

Details follow:

Federico Muttis discovered that Pidgin did not properly handle certain
malformed messages in the MSN protocol handler. A remote attacker could
send a specially crafted message and possibly execute arbitrary code with
user privileges.


Updated packages for Ubuntu 8.04 LTS:


Updated packages for Ubuntu 8.10:


Updated packages for Ubuntu 9.04:








Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_820_1_pidgin_vulnerability.html)