Today's Topics:
1. [USN-548-1] Pidgin vulnerability (Kees Cook)
----------------------------------------------------------------------
Message: 1
Date: Wed, 28 Nov 2007 15:29:45 -0800
From: Kees Cook <kees@ubuntu.com>
Subject: [USN-548-1] Pidgin vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20071128232945.GE8789@outflux.net>
Content-Type: text/plain; charset="us-ascii"
===========================================================
Ubuntu Security Notice USN-548-1 November 28, 2007
pidgin vulnerability
CVE-2007-4999
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
libpurple0 1:2.2.1-1ubuntu4.1
After a standard system upgrade you need to restart Pidgin to effect
the necessary changes.
Details follow:
It was discovered that Pidgin did not correctly handle certain logging
events. A remote attacker could send specially crafted messages and cause
the application to crash, leading to a denial of service.
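A way to check hosts against the fixed libpurple0 version given above (an added example, not part of the Ubuntu notice): a compact reimplementation of Debian version ordering that shows why the `1:` epoch and a `~` suffix matter when deciding whether a host is patched. The hostnames and installed versions are constructed; on a live system `dpkg --compare-versions` is the authoritative comparison.

```python
import re
from itertools import zip_longest

FIXED = "1:2.2.1-1ubuntu4.1"  # fixed libpurple0 version stated in the advisory

def _key(ch):
    # Debian order for a non-digit character: '~' < end of string < letters < others
    if ch in ("~", ""):
        return -1 if ch else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Walk alternating (non-digit, digit) chunks of an upstream or revision string
    ta, tb = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for (sa, da), (sb, db) in zip_longest(ta, tb, fillvalue=("", "")):
        for i in range(max(len(sa), len(sb))):
            ka, kb = _key(sa[i:i + 1]), _key(sb[i:i + 1])
            if ka != kb:
                return -1 if ka < kb else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def split_version(v):
    # '[epoch:]upstream[-revision]' -> (epoch, upstream, revision)
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, dash, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if dash else (int(epoch), rest, "")

def compare(a, b):
    # Return -1, 0 or 1: epoch decides first, then upstream, then revision
    (ea, ua, ra), (eb, ub, rb) = split_version(a), split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_upgrade(inventory, fixed=FIXED):  # hosts sorting below the fixed version
    return sorted(h for h, v in inventory.items() if compare(v, fixed) < 0)

# Constructed inventory: hostnames and installed versions are sample data.
INVENTORY = {
    "desk-01": "1:2.2.1-1ubuntu4",        # one revision behind the fix
    "desk-02": "1:2.2.1-1ubuntu4.1",      # the fixed build
    "desk-03": "2.10.0-1",                # no epoch, so it sorts below epoch 1
    "desk-04": "1:2.2.1-1ubuntu4.1~rc1",  # '~' suffix sorts below the fix
    "desk-05": "1:2.3.0-0ubuntu1",        # later upstream release
}
print(needs_upgrade(INVENTORY))
```

A host that reports a fixed version still needs Pidgin restarted before the updated library is in use, as the notice states.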
Updated packages for Ubuntu 7.10:
End of ubuntu-security-announce Digest, Vol 38, Issue 10
********************************************************