Bug 270811 (CVE-2009-1373) - <net-im/pidgin-2.5.6: Multiple vulnerabilities (CVE-2009-{1373,1374,1375,1376})
Status: RESOLVED FIXED
Alias: CVE-2009-1373
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://pidgin.im/news/security/
Whiteboard: B2 [glsa]
Reported: 2009-05-22 10:21 UTC by Lars Lindley
Modified: 2009-05-26 16:28 UTC
Description Lars Lindley 2009-05-22 10:21:23 UTC
pidgin 2.5.6 is out with fixes for remote buffer overflows.
Would be really nice to get it in the tree.

Reproducible: Always
Comment 1 Olivier Crete (RETIRED) gentoo-dev 2009-05-22 14:40:25 UTC
in tree
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-22 21:13:45 UTC
Lars: Next time, please use the "Gentoo Security" component to file bump requests with security impact.

Serkan: As I said it to Olivier on IRC, for you, too: Please pay a little attention and notify us when assigning such bugs. Makes our job easier. Thanks. :)
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-22 21:39:30 UTC
CVE-2009-1373: Buffer overflow via XMPP file transfers
CVE-2009-1374: Possible remote denial of service when receiving a QQ packet
CVE-2009-1375: Multi-protocol remote denial of service
CVE-2009-1376: Previous fix to CVE-2008-2927 (buffer overflow via SLP) incomplete
Comment 4 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-22 21:40:51 UTC
Arches, please test and mark stable:
=net-im/pidgin-2.5.6
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2009-05-23 03:13:55 UTC
Stable for HPPA.
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2009-05-23 09:20:15 UTC
amd64 stable.
Comment 7 Markus Meier gentoo-dev 2009-05-23 10:51:02 UTC
x86 stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2009-05-23 18:26:35 UTC
alpha/ia64/sparc stable
Comment 9 Nirbheek Chauhan (RETIRED) gentoo-dev 2009-05-23 18:49:35 UTC
What about bug 269333 ?
Comment 10 Brent Baude (RETIRED) gentoo-dev 2009-05-25 16:03:14 UTC
ppc64 done
Comment 11 Brent Baude (RETIRED) gentoo-dev 2009-05-25 16:03:21 UTC
ppc done
Comment 12 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-25 17:47:07 UTC
GLSA draft filed.
Comment 13 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-26 16:01:38 UTC
GLSA 200905-07, thanks everyone.
Comment 14 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-26 16:28:21 UTC
CVE-2009-1373 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1373):
  Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin before
  2.5.6 allows remote authenticated users to execute arbitrary code via
  vectors involving an outbound XMPP file transfer.  NOTE: some of
  these details are obtained from third party information.

CVE-2009-1374 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1374):
  Buffer overflow in the decrypt_out function in Pidgin before 2.5.6
  allows remote attackers to cause a denial of service (application
  crash) via a QQ packet.

CVE-2009-1375 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1375):
  The PurpleCircBuffer implementation in Pidgin before 2.5.6 does not
  properly maintain a certain buffer, which allows remote attackers to
  cause a denial of service (memory corruption and application crash)
  via vectors involving the (1) XMPP or (2) Sametime protocol.

CVE-2009-1376 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1376):
  Multiple integer overflows in the msn_slplink_process_msg functions
  in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c
  and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.5.6 on
  32-bit platforms allow remote attackers to execute arbitrary code via
  a malformed SLP message with a crafted offset value, leading to
  buffer overflows.  NOTE: this issue exists because of an incomplete
  fix for CVE-2008-2927.
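
The CVE-2009-1376 description above names an integer overflow on 32-bit platforms triggered by a crafted offset. The following added illustration shows one common form of that bug class, a bounds check whose addition wraps, beside a check that cannot wrap. It is not libpurple code and is not part of the original bug report; the struct and function names are hypothetical, and `uint32_t` is used to model 32-bit size arithmetic on any host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reassembly buffer: 'size' bytes allocated for the whole message. */
struct reasm {
    uint8_t *buf;
    uint32_t size;
};

/* Weak check: offset + len is computed in 32 bits and can wrap past zero,
 * so a very large offset with a small len still compares <= size.
 * Returns 1 if the fragment would be accepted. */
int accepts_wrapping(const struct reasm *r, uint32_t offset, uint32_t len)
{
    return (uint32_t)(offset + len) <= r->size;
}

/* Hardened check: no addition, so nothing can wrap. The subtraction is
 * safe because offset <= size is tested first. */
int accepts_checked(const struct reasm *r, uint32_t offset, uint32_t len)
{
    return offset <= r->size && len <= r->size - offset;
}

/* Copy a fragment only when the hardened check passes. */
int store_fragment(struct reasm *r, uint32_t offset,
                   const uint8_t *data, uint32_t len)
{
    if (!accepts_checked(r, offset, len))
        return -1;                      /* reject instead of writing out of bounds */
    memcpy(r->buf + offset, data, len);
    return 0;
}

int main(void)
{
    uint8_t storage[16] = {0};          /* constructed sample buffer */
    struct reasm r = { storage, sizeof storage };
    uint32_t off = 0xFFFFFFF8u;         /* constructed out-of-range offset */

    printf("wrapping check accepts: %d\n", accepts_wrapping(&r, off, 16));
    printf("hardened check accepts: %d\n", accepts_checked(&r, off, 16));
    return 0;
}
```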