Säkerhetsbulletin från Debian
DSA-2038-1 pidgin -- flera sårbarheter
- Rapporterat den:
- 2010-04-18
- Berörda paket:
- pidgin
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Debians felrapporteringssystem: Fel 566775.
I Mitres CVE-förteckning: CVE-2010-0420, CVE-2010-0423. - Ytterligare information:
-
Flera utifrån nåbara sårbarheter har upptäckts i Pidgin, en meddelandeklient med stöd för flera olika protokoll. Projektet Common Vulnerabilities and Exposures identifierar följande problem:
- CVE-2010-0420
Specialskrivna smeknamn i XMPP-protokollet kan krascha Pidgin utifrån.
- CVE-2010-0423
Fjärrkontakter kan skicka för många specialskrivna
smilies
och på så sätt krascha Pidgin.
För några månader sedan ändrade Microsofts servrar för MSN sina protokoll, vilket gör att Pidgin inte fungerar för användning av MSN. Det är inte möjligt att portera dessa ändringar till Pidgin-versionen i Debian Lenny. Denna uppdatering formaliserar situationen genom att avaktivera protokollet i klienten. Användare av MSN-protokollet ombeds använda den version av Pidgin som finns i arkiven på www.backports.org.
För den stabila utgåvan (Lenny) har dessa problem rättats i version 2.4.3-4lenny6.
För den instabila utgåvan (Sid) har dessa problem rättats i version 2.6.6-1.
Vi rekommenderar att ni uppgraderar ert pidgin-paket.
- CVE-2010-0420
- Rättat i:
-
Debian GNU/Linux 5.0 (lenny)
- Källkod:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6.dsc
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6.diff.gz
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6.dsc
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny6_all.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny6_all.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny6_all.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny6_all.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny6_all.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny6_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_alpha.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_amd64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_arm.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_armel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_hppa.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_i386.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_ia64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_mips.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_s390.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_sparc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.