Updated pidgin package fixes security vulnerabilities
Publication date: 05 Feb 2014Modification date: 05 Feb 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2012-6152 , CVE-2013-6477 , CVE-2013-6478 , CVE-2013-6479 , CVE-2013-6481 , CVE-2013-6482 , CVE-2013-6483 , CVE-2013-6484 , CVE-2013-6485 , CVE-2013-6487 , CVE-2013-6489 , CVE-2013-6490 , CVE-2014-0020
Description
Many places in the Yahoo! protocol plugin assumed incoming strings were UTF-8 and failed to transcode from non-UTF-8 encodings. This can lead to a crash when receiving strings that aren't UTF-8 (CVE-2012-6152). A remote XMPP user can trigger a crash on some systems by sending a message with a timestamp in the distant future (CVE-2013-6477). libX11 forcefully exits causing a crash when Pidgin tries to create an exceptionally wide tooltip window when hovering the pointer over a long URL (CVE-2013-6478). A malicious server or man-in-the-middle could send a malformed HTTP response that could lead to a crash (CVE-2013-6479). The Yahoo! protocol plugin failed to validate a length field before trying to read from a buffer, which could result in reading past the end of the buffer which could cause a crash when reading a P2P message (CVE-2013-6481). NULL pointer dereferences in the MSN protocol plugin due to a malformed Content-Length header, or a malicious server or man-in-the-middle sending a specially crafted OIM data XML response or SOAP response (CVE-2013-6482). The XMPP protocol plugin failed to ensure that iq replies came from the person they were sent to. A remote user could send a spoofed iq reply and attempt to guess the iq id. This could allow an attacker to inject fake data or trigger a null pointer dereference (CVE-2013-6483). Incorrect error handling when reading the response from a STUN server could lead to a crash (CVE-2013-6484). A malicious server or man-in-the-middle could cause a buffer overflow by sending a malformed HTTP response with chunked Transfer-Encoding with invalid chunk sizes (CVE-2013-6485). A malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow which could lead to a buffer overflow in Gadu-Gadu HTTP parsing (CVE-2013-6487). A specially crafted emoticon value could cause an integer overflow which could lead to a buffer overflow in MXit emoticon parsing (CVE-2013-6489). A Content-Length of -1 could lead to a buffer overflow in SIMPLE header parsing (CVE-2013-6490). A malicious server or man-in-the-middle could trigger a crash in IRC argument parsing in libpurple by sending a message with fewer than expected arguments (CVE-2014-0020).
References
- https://bugs.mageia.org/show_bug.cgi?id=12468
- http://pidgin.im/news/security/?id=70
- http://pidgin.im/news/security/?id=71
- http://pidgin.im/news/security/?id=72
- http://pidgin.im/news/security/?id=73
- http://pidgin.im/news/security/?id=74
- http://pidgin.im/news/security/?id=75
- http://pidgin.im/news/security/?id=76
- http://pidgin.im/news/security/?id=77
- http://pidgin.im/news/security/?id=78
- http://pidgin.im/news/security/?id=79
- http://pidgin.im/news/security/?id=80
- http://pidgin.im/news/security/?id=82
- http://pidgin.im/news/security/?id=83
- http://pidgin.im/news/security/?id=84
- http://pidgin.im/news/security/?id=85
- https://developer.pidgin.im/wiki/ChangeLog
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020
SRPMS
3/core
- pidgin-2.10.9-1.mga3