{ "schema_version": "1.6.2", "id": "MGASA-2016-0236", "published": "2016-07-05T15:47:08Z", "modified": "2016-07-05T15:36:23Z", "summary": "Updated pidgin packages fix security vulnerability", "details": "A buffer overflows vulnerability exists in the handling of the MXIT\nprotocol in Pidgin. Specially crafted MXIT data sent from the server could\npotentially result in arbitrary code execution. A malicious server or an\nattacker who intercepts the network traffic can send an invalid size for a\npacket which will trigger a buffer overflow (CVE-2016-2376).\n\nA buffer vulnerability exists in the handling of the MXIT protocol in\nPidgin. Specially crafted MXIT data sent by the server could potentially\nresult in an out of bounds write of one byte. A malicious server can send\na negative content-length in response to a HTTP request triggering the\nvulnerability (CVE-2016-2377).\n\nA buffer overflow vulnerability exists in the handling of the MXIT\nprotocol Pidgin. Specially crafted data sent via the server could\npotentially result in a buffer overflow, potentially resulting in memory\ncorruption. A malicious server or an unfiltered malicious user can send\nnegative length values to trigger this vulnerability (CVE-2016-2378).\n\nAn information leak exists in the handling of the MXIT protocol in Pidgin.\nSpecially crafted MXIT data sent to the server could potentially result in\nan out of bounds read. A user could be convinced to enter a particular\nstring which would then get converted incorrectly and could lead to a\npotential out-of-bounds read (CVE-2016-2380).\n\nA directory traversal exists in the handling of the MXIT protocol in\nPidgin. Specially crafted MXIT data sent from the server could potentially\nresult in an overwrite of files. A malicious server or someone with access\nto the network traffic can provide an invalid filename for a splash image\ntriggering the vulnerability (CVE-2016-4323).\n\nA denial of service vulnerability exists in the handling of the MXIT\nprotocol in Pidgin. Specially crafted MXIT data sent via the server could\npotentially result in a null pointer dereference. A malicious server or an\nattacker who intercepts the network traffic can send invalid data to\ntrigger this vulnerability and cause a crash (CVE-2016-2365).\n\nA denial of service vulnerability exists in the handling of the MXIT\nprotocol in Pidgin. Specially crafted MXIT data sent via the server could\npotentially result in an out-of-bounds read. A malicious server or an\nattacker who intercepts the network traffic can send invalid data to\ntrigger this vulnerability and cause a crash (CVE-2016-2366).\n\nAn information leak exists in the handling of the MXIT protocol in Pidgin.\nSpecially crafted MXIT data sent via the server could potentially result\nin an out of bounds read. A malicious user, server, or man-in-the-middle\ncan send an invalid size for an avatar which will trigger an out-of-bounds\nread vulnerability. This could result in a denial of service or copy data\nfrom memory to the file, resulting in an information leak if the avatar is\nsent to another user (CVE-2016-2367).\n\nMultiple memory corruption vulnerabilities exist in the handling of the\nMXIT protocol in Pidgin. Specially crafted MXIT data sent via the server\ncould result in multiple buffer overflows, potentially resulting in code\nexecution or memory disclosure (CVE-2016-2368).\n\nAn NULL pointer dereference vulnerability exists in the handling of the\nMXIT protocol in Pidgin. Specially crafted MXIT data sent via the server\ncould potentially result in a denial of service vulnerability. A malicious\nserver can send a packet starting with a NULL byte triggering the\nvulnerability (CVE-2016-2369).\n\nA denial of service vulnerability exists in the handling of the MXIT\nprotocol in Pidgin. Specially crafted MXIT data sent from the server could\npotentially result in an out-of-bounds read. A malicious server or\nman-in-the-middle can send invalid data to trigger this vulnerability\n(CVE-2016-2370).\n\nAn out-of-bounds write vulnerability exists in the handling of the MXIT\nprotocol in Pidgin. Specially crafted MXIT data sent via the server could\ncause memory corruption resulting in code execution (CVE-2016-2371).\n\nAn information leak exists in the handling of the MXIT protocol in Pidgin.\nSpecially crafted MXIT data sent via the server could potentially result\nin an out of bounds read. A malicious user, server, or man-in-the-middle\ncan send an invalid size for a file transfer which will trigger an\nout-of-bounds read vulnerability. This could result in a denial of service\nor copy data from memory to the file, resulting in an information leak if\nthe file is sent to another user (CVE-2016-2372).\n\nA denial of service vulnerability exists in the handling of the MXIT\nprotocol in Pidgin. Specially crafted MXIT data sent via the server could\npotentially result in an out-of-bounds read. A malicious server or user\ncan send an invalid mood to trigger this vulnerability (CVE-2016-2373).\n\nAn exploitable memory corruption vulnerability exists in the handling of\nthe MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent\nvia the server can result in an out-of-bounds write leading to memory\ndisclosure and code execution (CVE-2016-2374).\n\nAn exploitable out-of-bounds ready exists in the handling of the MXIT\nprotocol in Pidgin. Specially crafted MXIT contact information sent from\nthe server can result in memory disclosure (CVE-2016-2375).\n\nThe pidgin package has been updated to version 2.11.0, which fixes these\nissues and other bugs, including authentication for the AIM protocol.\n", "related": [ "CVE-2016-2376", "CVE-2016-2377", "CVE-2016-2378", "CVE-2016-2380", "CVE-2016-4323", "CVE-2016-2365", "CVE-2016-2366", "CVE-2016-2367", "CVE-2016-2368", "CVE-2016-2369", "CVE-2016-2370", "CVE-2016-2371", "CVE-2016-2372", "CVE-2016-2373", "CVE-2016-2374", "CVE-2016-2375" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2016-0236.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=18754" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0118" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0119" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0120" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0123" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0128" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0133" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0134" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0135" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0136" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0137" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0138" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0139" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0140" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0141" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0142" }, { "type": "REPORT", "url": "http://www.talosintel.com/reports/TALOS-2016-0143" }, { "type": "REPORT", "url": "https://bitbucket.org/pidgin/www/src/tip/htdocs/ChangeLog?fileviewer=file-view-default" } ], "affected": [ { "package": { "ecosystem": "Mageia:5", "name": "pidgin", "purl": "pkg:rpm/mageia/pidgin?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.11.0-1.mga5" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }