Debians sikkerhedsbulletin
DSA-1805-1 pidgin -- flere sårbarheder
- Rapporteret den:
- 22. maj 2009
- Berørte pakker:
- pidgin
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Mitres CVE-ordbog: CVE-2009-1373, CVE-2009-1375, CVE-2009-1376.
- Yderligere oplysninger:
-
Flere sårbarheder er opdaget i Pidgin, en grafisk chatklient der understøtter flere protokoller. Projektet Common Vulnerabilities and Exposures har registreret følgende problemer:
- CVE-2009-1373
Et bufferoverløb i Jabber-filoverførselskoden kunne måske føre til lammelsesangreb (denial of service) eller udførelse af vilkårlig kode.
- CVE-2009-1375
Hukommelseskorruption i et internt bibliotek kunne måske føre til lammelsesangreb.
- CVE-2009-1376
Rettelsen til sikkerhedsproblemet registreret som CVE-2008-2927 - heltalsoverløb MSN-protokolhåndteringen - viste sig ikke at være komplet.
Den gamle stabile distribution (etch) er påvirket under kildekodepakkenavnet gaim. Men på grund af opbygningsproblemer, kunne de opdaterede pakker ikke udgives sammen med den stabile version. De vil blive udgivet når opbygningsproblemet er løst.
I den stabile distribution (lenny), er disse problemer rettet i version 2.4.3-4lenny2.
I den ustabile distribution (sid), er disse problemer rettet i version 2.5.6-1.
Vi anbefaler at du opgraderer dine pidgin-pakker.
- CVE-2009-1373
- Rettet i:
-
Debian GNU/Linux 5.0 (lenny)
- Kildekode:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2.dsc
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2.diff.gz
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2.diff.gz
- Arkitekturuafhængig komponent:
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny2_all.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny2_all.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny2_all.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny2_all.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny2_all.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_arm.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_arm.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_arm.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_arm.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_armel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_armel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_armel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_armel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_i386.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_i386.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_i386.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_i386.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_mips.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_mips.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_mips.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_mips.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_mipsel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_mipsel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_mipsel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_mipsel.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_s390.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_s390.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_s390.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_s390.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_sparc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_sparc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_sparc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_sparc.deb
- http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.