• [SECURITY] [DSA 3055-1] pidgin security update

    From Moritz Muehlenhoff@1:229/2 to All on Thu Oct 23 23:10:02 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3055-1                   [email protected]
    http://www.debian.org/security/                        Moritz Muehlenhoff
    October 23, 2014                       http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : pidgin
    CVE ID : CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698

    Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client:

    CVE-2014-3694

    It was discovered that the SSL/TLS plugins failed to validate the
    basic constraints extension in intermediate CA certificates.

    CVE-2014-3695

    Yves Younan and Richard Johnson discovered that emoticons with
    overly large length values could crash Pidgin.

    CVE-2014-3696

    Yves Younan and Richard Johnson discovered that malformed Groupwise
    messages could crash Pidgin.

    CVE-2014-3698

    Thijs Alkemade and Paul Aurich discovered that malformed XMPP
    messages could result in memory disclosure.

    For the stable distribution (wheezy), these problems have been fixed in
    version 2.10.10-1~deb7u1.

    For the unstable distribution (sid), these problems have been fixed in
    version 2.10.10-1.

    We recommend that you upgrade your pidgin packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]



    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
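
To check an inventory of installed pidgin versions against the fixed versions named in the advisory, the comparison has to follow Debian version ordering, where `2.10.9` is older than `2.10.10` and a `~` suffix sorts before the bare revision. The following is an added example, not part of the advisory or of Debian's tooling; the function names and the `FIXED` table layout are assumptions, and only the two fixed version strings come from the advisory.

```python
import re

# Fixed versions as stated in DSA-3055-1; the table layout is this example's own.
FIXED = {"wheezy": "2.10.10-1~deb7u1", "sid": "2.10.10-1"}
_DIGITS = set("0123456789")

def _order(ch):
    """Character weight: '~' < end of string < letters < other symbols."""
    if ch == "~":
        return -1
    if ch == "" or ch in _DIGITS:
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare one upstream or revision string by alternating text/number runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and a[i] not in _DIGITS) or (j < len(b) and b[j] not in _DIGITS):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        da = re.match(r"[0-9]*", a[i:]).group()
        db = re.match(r"[0-9]*", b[j:]).group()
        na, nb = int(da or 0), int(db or 0)  # numeric, so 9 < 10
        if na != nb:
            return -1 if na < nb else 1
        i, j = i + len(da), j + len(db)
    return 0

def _parse(version):
    """Split [epoch:]upstream[-revision]; a missing revision compares like '0'."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def deb_cmp(x, y):
    """Return -1, 0 or 1 as x is older than, equal to, or newer than y."""
    (ex, ux, rx), (ey, uy, ry) = _parse(x), _parse(y)
    if ex != ey:
        return -1 if ex < ey else 1
    return _cmp_part(ux, uy) or _cmp_part(rx, ry)

def is_patched(installed, suite):
    """True when the installed pidgin version is at or above the fix for suite."""
    return deb_cmp(installed, FIXED[suite]) >= 0
```

On a Debian host itself, `dpkg --compare-versions` performs the same comparison; the Python form is for checking version strings collected from many machines.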