Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[USN-548-1] Pidgin vulnerability

from [Kees Cook] Network Security [Permanent Link]
Subject: [USN-548-1] Pidgin vulnerability
Date: Wed, 28 Nov 2007 15:29:45 -0800 
=========================================================== 
Ubuntu Security Notice USN-548-1          November 28, 2007
pidgin vulnerability
CVE-2007-4999
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  libpurple0                      1:2.2.1-1ubuntu4.1

After a standard system upgrade you need to restart Pidgin to effect
the necessary changes.

Details follow:

It was discovered that Pidgin did not correctly handle certain logging
events.  A remote attacker could send specially crafted messages and cause
the application to crash, leading to a denial of service.


Updated packages for Ubuntu 7.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.2.1-1ubuntu4.1.diff.gz
      Size/MD5:    50647 96089eb50a7b671e85ae34579d261a13
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.2.1-1ubuntu4.1.dsc
      Size/MD5:     1467 c8f381c53df16c7c48f37d1791456181
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.2.1.orig.tar.gz
      Size/MD5: 12868326 3de2ef29d4a62c515a223cba5d4c4671

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch-dev_2.2.1-1ubuntu4.1_all.deb
      Size/MD5:   143250 2bd8553c5f54c1d801c2cba0033ecad3
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-bin_2.2.1-1ubuntu4.1_all.deb
      Size/MD5:   123518 a6de723a4cac478c862eb0a3104934aa
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple-dev_2.2.1-1ubuntu4.1_all.deb
      Size/MD5:   257104 30c57242ae1fe458d4ec383289321045
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-data_2.2.1-1ubuntu4.1_all.deb
      Size/MD5:  1390274 6cab724db2fd3ece0efcd96ee0af4337
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dev_2.2.1-1ubuntu4.1_all.deb
      Size/MD5:   200036 e554277403d304d530540038162211d8
    
http://security.ubuntu.com/ubuntu/pool/universe/p/pidgin/gaim_2.2.1-1ubuntu4.1_all.deb
      Size/MD5:   118784 4f93e518b726f52c8b80de02ad1625d0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.2.1-1ubuntu4.1_amd64.deb
      Size/MD5:   310910 6d00e43ef0be60fe2c5db3e1cde48127
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.2.1-1ubuntu4.1_amd64.deb
      Size/MD5:  1565274 4c74db778897bed1782afea6a1c38742
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.2.1-1ubuntu4.1_amd64.deb
      Size/MD5:  4871182 31271504b5a4fc8192d713d09da99daf
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.2.1-1ubuntu4.1_amd64.deb
      Size/MD5:   646292 93e5eb84e32f3fba7de5270faf909a2d

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.2.1-1ubuntu4.1_i386.deb
      Size/MD5:   292670 46a2a01d100dda87d8ac0fffbb3c12cf
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.2.1-1ubuntu4.1_i386.deb
      Size/MD5:  1453538 ee5e546d0516add420246a17ad93b279
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.2.1-1ubuntu4.1_i386.deb
      Size/MD5:  4580778 21ea33720d2fe377426090fc55b62834
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.2.1-1ubuntu4.1_i386.deb
      Size/MD5:   603440 9bb6a73b205318fb3129f8b259711ce5

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.2.1-1ubuntu4.1_powerpc.deb
      Size/MD5:   326628 98586b4303b729c727bd72ba925a06f5
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.2.1-1ubuntu4.1_powerpc.deb
      Size/MD5:  1631546 0625ae9b6eb0695e11aae31dbc596cad
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.2.1-1ubuntu4.1_powerpc.deb
      Size/MD5:  4842230 5c341ab354bff24a7a123b56ca33282c
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.2.1-1ubuntu4.1_powerpc.deb
      Size/MD5:   678294 2f8ee075a90426ed3bdc6a937647b25f

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/finch_2.2.1-1ubuntu4.1_sparc.deb
      Size/MD5:   294508 29c52f55d7f31251ee2abe3812741083
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/libpurple0_2.2.1-1ubuntu4.1_sparc.deb
      Size/MD5:  1482860 46e3727c77c4ce6e45787820fff46728
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin-dbg_2.2.1-1ubuntu4.1_sparc.deb
      Size/MD5:  4445306 865d1edbe88878f3bc06bd13d4857edc
    
http://security.ubuntu.com/ubuntu/pool/main/p/pidgin/pidgin_2.2.1-1ubuntu4.1_sparc.deb
      Size/MD5:   609512 113d0464160560a69c773c79d686e1c7

Attachment: signature.asc
Description: Digital signature

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [USN-548-1] Pidgin vulnerability, Kees Cook <=
Previous by Date:  Re: [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow Vulnerability, Peter Dawson
Next by Date:  Re: [Full-disclosure] Microsoft FTP Client Multiple Bufferoverflow Vulnerability, reepex
Previous by Thread:  rPSA-2007-0252-1 cups poppler tetex tetex-afm tetex-dvips tetex-fonts tetex-latex tetex-xdvi, rPath Update Announcements
Next by Thread:  Re: [Full-disclosure] Full-Disclosure Digest, Vol 33, Issue 52, admin
Indexes:  [Date] [Thread] [Top] [All Lists]