[USN-796-1] Pidgin vulnerability

Marc Deslauriers marc.deslauriers at canonical.com
Mon Jul 6 19:30:00 BST 2009


===========================================================
Ubuntu Security Notice USN-796-1              July 06, 2009
pidgin vulnerability
CVE-2009-1889
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  pidgin                          1:2.4.1-1ubuntu2.5

Ubuntu 8.10:
  pidgin                          1:2.5.2-0ubuntu1.3

Ubuntu 9.04:
  pidgin                          1:2.5.5-1ubuntu8.3

After a standard system upgrade you need to restart Pidgin to effect
the necessary changes.

Details follow:

Yuriy Kaminskiy discovered that Pidgin did not properly handle certain
messages in the ICQ protocol handler. A remote attacker could send a
specially crafted message and cause Pidgin to crash.

