From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-2038-3
[email protected] http://www.debian.org/security/ Thijs Kinkhorst November 13, 2010
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : pidgin
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-0420 CVE-2010-0423
Debian Bug : 566775 579601
The packages for Pidgin released as DSA 2038-2 had a regression, as they unintentionally disabled the Silc, Simple, and Yahoo instant messaging protocols. This update restore that functionality. For reference the
original advisory text below.
Several remote vulnerabilities have been discovered in Pidgin, a multi
protocol instant messaging client. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2010-0420
Crafted nicknames in the XMPP protocol can crash Pidgin remotely.
CVE-2010-0423
Remote contacts may send too many custom smilies, crashing Pidgin.
Since a few months, Microsoft's servers for MSN have changed the protocol, making Pidgin non-functional for use with MSN. It is not feasible to port
these changes to the version of Pidgin in Debian Lenny. This update
formalises that situation by disabling the protocol in the client. Users
of the MSN protocol are advised to use the version of Pidgin in the repositories of www.backports.org.
For the stable distribution (lenny), these problems have been fixed in
version 2.4.3-4lenny8.
For the unstable distribution (sid), these problems have been fixed in
version 2.6.6-1.
We recommend that you upgrade your pidgin package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz
Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8.diff.gz
Size/MD5 checksum: 72269 0119701838d8ad1cdeac7ce4c91bae65
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8.dsc
Size/MD5 checksum: 1769 ad33ad23693b546e86e0912e88a4ea12
Architecture independent packages:
http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny8_all.deb
Size/MD5 checksum: 278150 84022a327404419ae540f3f3bc427e3b
http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny8_all.deb
Size/MD5 checksum: 133688 16372c01693c7744ff48f411aaaac5a2
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny8_all.deb
Size/MD5 checksum: 7014900 c2c210652333d77e3573be4a8a699c9b
http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny8_all.deb
Size/MD5 checksum: 159954 51bde77053b4ea6e14b1442bf1a1607d
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny8_all.deb
Size/MD5 checksum: 194580 a7dde485b3f5d3e4893ceb2a22ee47aa
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_alpha.deb
Size/MD5 checksum: 5315572 1cf0367c5e3881549bac1a4fe45aa5eb
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_alpha.deb
Size/MD5 checksum: 371260 ba6898cf2c154319bffcc9cd6d4cd4a7
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_alpha.deb
Size/MD5 checksum: 777478 228be5cdb1f26820e5f5348096f3c3ee
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_alpha.deb
Size/MD5 checksum: 1719898 c04983751b915ceeef5a2d884edddcfd
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_amd64.deb
Size/MD5 checksum: 1633712 927a05948c7ea50b4ff1515820495093
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_amd64.deb
Size/MD5 checksum: 347692 4bea6a2d558defbfc9cf1bee25ec4a4d
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_amd64.deb
Size/MD5 checksum: 727282 b148a28348d91d43e78b02798893bb6a
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_amd64.deb
Size/MD5 checksum: 5428234 ab7cc975d13b3abd8faa2498896d8d44
arm architecture (ARM)
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_arm.deb
Size/MD5 checksum: 5118248 e2f34bded56a07650f91e119cd739c7b
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_arm.deb
Size/MD5 checksum: 315658 18a22ae56dab911aa7c8667db51afbc4
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_arm.deb
Size/MD5 checksum: 655810 200950fcc1f558d92e50fda7f494ea0b
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_arm.deb
Size/MD5 checksum: 1422998 1e4c635bdba06539a081b1c6f422b1d2
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_armel.deb
Size/MD5 checksum: 1430694 4c96fa5a80593ddf0c3e4f998173bdcf
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_armel.deb
Size/MD5 checksum: 667108 330bd6dcb19da7bb1ce21013f035ae32
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_armel.deb
Size/MD5 checksum: 5152254 6b61008ee4337db73612d4943ed756e6
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_armel.deb
Size/MD5 checksum: 319130 56c3e97232ceb5fed1688dff1c6b07f2
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_hppa.deb
Size/MD5 checksum: 5249334 f9380ac4d099646026092869254f36af
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_hppa.deb
Size/MD5 checksum: 360850 31898206d949ddd8a0645e756700e5e6
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)