Säkerhetsbulletin från Debian

DSA-1932-1 pidgin -- programmeringsfel

Rapporterat den:
2009-11-08
Berörda paket:
pidgin
Sårbara:
Ja
Referenser i säkerhetsdatabaser:
I Mitres CVE-förteckning: CVE-2009-3615.
Ytterligare information:

Det upptäcktes att felaktig pekarhantering i biblioteket library, en intern komponent i multiprotokollsmeddelandeklienten Pidgin, kunde leda till överbelastning eller exekvering av godtycklig kod genom felformaterade kontaktförfrågningar.

För den stabila utgåvan (Lenny) har detta problem rättats i version 2.4.3-4lenny5.

För den instabila utgåvan (Sid) har detta problem rättats i version 2.6.3-1.

Vi rekommenderar att ni uppgraderar ert pidgin-paket.

Rättat i:

Debian GNU/Linux 5.0 (lenny)

Källkod:
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5.diff.gz
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5.dsc
Arkitekturoberoende komponent:
http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny5_all.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny5_all.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny5_all.deb
http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny5_all.deb
http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny5_all.deb
Alpha:
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_alpha.deb
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_alpha.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_alpha.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_amd64.deb
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_amd64.deb
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_amd64.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_arm.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_arm.deb
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_arm.deb
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_hppa.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_hppa.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_hppa.deb
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_i386.deb
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_i386.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_i386.deb
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_ia64.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_ia64.deb
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_ia64.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_mips.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_mips.deb
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_mips.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_mipsel.deb
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_mipsel.deb
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_mipsel.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_mipsel.deb
IBM S/390:
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_s390.deb
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_s390.deb
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_s390.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_sparc.deb
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_sparc.deb
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_sparc.deb
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.