Summary: | <net-im/pidgin-2.5.9 msn_slplink_process_msg() Memory overwrite (CVE-2009-2694) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | net-im
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://pidgin.im/news/security/?id=34 | |
Whiteboard: | B1 [glsa] | |
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2009-08-15 06:21:54 UTC
I have no embargo date on this issue. Olivier, if you like you can prepare an ebuild and we'll perform prestabling on this bug. As usual, no commits while the embargo lasts.

Created attachment 201303
fix_for_msn_remote_crash.diff

Created attachment 201337
ebuild
Attached ebuild which applies patch. It has the same keywords as 2.5.8 as you'll all have it tested so we can commit it straight to stable when it's made public. It seems to work fine on amd64.

Btw, this should be B1, it's a "remote active compromise", one can remotely execute arbitrary code.

Arch Security Liaisons, please test the attached ebuild and report it stable on this bug:
=net-im/pidgin-2.5.8-r1
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

CC'ing current Liaisons:
alpha : armin76, klausman
amd64 : keytoaster, chainsaw
hppa : jer
ppc : josejx, ranger
ppc64 : josejx, ranger
x86 : fauli, maekke

Good on x86.

Looks fine on amd64.

HPPA is OK.

now public

*** Bug 281958 has been marked as a duplicate of this bug. ***

now public and/or bump to 2.5.9

Pidgin 2.5.9 is in the tree. The liaisons have been replaced with the full arch teams since it's now stable. It has an extra bugfix when sending files with NULL names (whatever that is), so I guess arch teams should test/stable it asap.

Arches, please test and mark stable:
=net-im/pidgin-2.5.9
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"

x86 stable

Stable for HPPA.

CVE-2009-2694 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2694): The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.

amd64 stable

ppc stable

alpha/ia64/sparc stable

ppc64 done

GLSA request filed. Olivier/net-im: Please remove vulnerable versions.

version 2.5.8 cleaned up

GLSA 200910-02, thanks everyone, sorry about the delay.