pidgin 2.5.6 is out with fixes for remote buffer overflows. Would be really nice to get it in the tree.

Reproducible: Always
in tree
Lars: Next time, please use the "Gentoo Security" component to file bump requests with security impact.

Serkan: As I said to Olivier on IRC, for you, too: Please pay a little attention and notify us when assigning such bugs. Makes our job easier. Thanks. :)
CVE-2009-1373: Buffer overflow via XMPP file transfers
CVE-2009-1374: Possible remote denial of service when receiving a QQ packet
CVE-2009-1375: Multi-protocol remote denial of service
CVE-2009-1376: Previous fix to CVE-2008-2927 (buffer overflow via SLP) incomplete
Arches, please test and mark stable:
=net-im/pidgin-2.5.6
Target keywords: "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Stable for HPPA.
amd64 stable.
x86 stable
alpha/ia64/sparc stable
What about bug 269333?
ppc64 done
ppc done
GLSA draft filed.
GLSA 200905-07, thanks everyone.
CVE-2009-1373 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1373): Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.

CVE-2009-1374 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1374): Buffer overflow in the decrypt_out function in Pidgin before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.

CVE-2009-1375 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1375): The PurpleCircBuffer implementation in Pidgin before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol.

CVE-2009-1376 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1376): Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
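
The bug class named in the CVE-2009-1376 entry above (an offset check whose arithmetic wraps on 32-bit platforms), shown beside an overflow-safe form. This is an added example, not part of the original bug report and not Pidgin's code; `struct reasm`, `fits_naive`, `fits_checked` and `store_chunk` are hypothetical names, and `uint32_t` is assumed here to model the 32-bit size type.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reassembly buffer, not Pidgin's structures. uint32_t models
 * the 32-bit size type of the affected platforms, so the wrap also shows
 * on a 64-bit host. */
struct reasm {
    uint8_t  buf[64];
    uint32_t size;              /* announced total size, <= sizeof buf */
};

/* Weak form: the sum is computed modulo 2^32 and can wrap to a small value. */
int fits_naive(uint32_t size, uint32_t offset, uint32_t len)
{
    return (uint32_t)(offset + len) <= size;
}

/* Safe form: only a subtraction that cannot underflow, so nothing wraps. */
int fits_checked(uint32_t size, uint32_t offset, uint32_t len)
{
    return len <= size && offset <= size - len;
}

/* Store one chunk; returns 0 on success, -1 if the chunk is rejected. */
int store_chunk(struct reasm *r, uint32_t offset,
                const uint8_t *data, uint32_t len)
{
    if (r->size > sizeof r->buf || !fits_checked(r->size, offset, len))
        return -1;
    memcpy(r->buf + offset, data, len);
    return 0;
}

int main(void)
{
    /* Constructed values: offset + len wraps to 0x10 in 32 bits. */
    uint32_t size = 64, offset = 0xFFFFFFF0u, len = 0x20u;
    printf("naive accepts: %d, checked accepts: %d\n",
           fits_naive(size, offset, len), fits_checked(size, offset, len));
    return 0;
}
```

The safe form tests `len` against `size` first, so `size - len` cannot underflow and no addition is performed on untrusted values.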