Advisories ยป MGASA-2014-0034

Updated pidgin package fixes security vulnerabilities

Publication date: 05 Feb 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2012-6152 , CVE-2013-6477 , CVE-2013-6478 , CVE-2013-6479 , CVE-2013-6481 , CVE-2013-6482 , CVE-2013-6483 , CVE-2013-6484 , CVE-2013-6485 , CVE-2013-6487 , CVE-2013-6489 , CVE-2013-6490 , CVE-2014-0020

Description

Many places in the Yahoo! protocol plugin assumed incoming strings were
UTF-8 and failed to transcode from non-UTF-8 encodings. This can lead to a
crash  when receiving strings that aren't UTF-8 (CVE-2012-6152).

A remote XMPP user can trigger a crash on some systems by sending a
message with a timestamp in the distant future (CVE-2013-6477).

libX11 forcefully exits causing a crash when Pidgin tries to create an
exceptionally wide tooltip window when hovering the pointer over a long
URL (CVE-2013-6478).

A malicious server or man-in-the-middle could send a malformed HTTP
response that could lead to a crash (CVE-2013-6479).

The Yahoo! protocol plugin failed to validate a length field before trying
to read from a buffer, which could result in reading past the end of the
buffer which could cause a crash when reading a P2P message
(CVE-2013-6481).

NULL pointer dereferences in the MSN protocol plugin due to a malformed
Content-Length header, or a malicious server or man-in-the-middle sending
a specially crafted OIM data XML response or SOAP response
(CVE-2013-6482).

The XMPP protocol plugin failed to ensure that iq replies came from the
person they were sent to. A remote user could send a spoofed iq reply and
attempt to guess the iq id. This could allow an attacker to inject fake
data or trigger a null pointer dereference (CVE-2013-6483).

Incorrect error handling when reading the response from a STUN server
could lead to a crash (CVE-2013-6484).

A malicious server or man-in-the-middle could cause a buffer overflow by
sending a malformed HTTP response with chunked Transfer-Encoding with
invalid chunk sizes (CVE-2013-6485).

A malicious server or man-in-the-middle could send a large value for
Content-Length and cause an integer overflow which could lead to a buffer
overflow in Gadu-Gadu HTTP parsing (CVE-2013-6487).

A specially crafted emoticon value could cause an integer overflow which
could lead to a buffer overflow in MXit emoticon parsing (CVE-2013-6489).

A Content-Length of -1 could lead to a buffer overflow in SIMPLE header
parsing (CVE-2013-6490).

A malicious server or man-in-the-middle could trigger a crash in IRC
argument parsing in libpurple by sending a message with fewer than
expected arguments
(CVE-2014-0020).
                

References

SRPMS

3/core