| Summary: | <net-im/pidgin-2.10.0-r1 Heap-based buffer overflow by processing certain SILC private messages (CVE-2011-3594) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sean Amoss (RETIRED) <ackle> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | n0idx80, net-im |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://developer.pidgin.im/ticket/14636 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Sean Amoss (RETIRED)
2011-09-30 11:14:44 UTC
Updated the bug summary only. Reading the upstream ticket, I believe 2.10.0 is affected. 2.10.1 *may* include this fix, but as always, we'll wait and see.

@underling: Correct, sorry about that.

@net-im: Looks like a fix is available. From oss-security http://www.openwall.com/lists/oss-security/2011/10/01/1 :

"This bug is believed to affect all releases of libpurple up to and including version 2.10.0. The correct fix for this bug is UTF-8 validation (and correction if necessary) of the incoming string before passing it to Glib. A patch which provides this fix has been applied to the Pidgin sources in revision 7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8 and will appear in all future Pidgin releases. For reference, it is: http://developer.pidgin.im/viewmtn/revision/diff/be5e66abad2af29604bc794cc4c6600ab12751f3/with/7eb1f6d56cc58bbb5b56b7df53955d36b9b419b8 All packagers of libpurple (including monolithic Pidgin and/or finch packages) who have not already done so are encouraged to apply this change to their packages immediately."

Patch was added in 2.10.0-r1. Arch teams, please, stabilize.

amd64: all ok

@pva Please remove -g from CFLAGS for the next release.

amd64 ok.

Upstream changed the info about the bug. Please take a look at: https://secunia.com/advisories/46298/

Changing From B1 to B3

ppc/ppc64 stable

x86 stable.

Stable for HPPA.

amd64 done. Thanks Elijah

*** Bug 385657 has been marked as a duplicate of this bug. ***

alpha/ia64/sparc stable

Thanks, folks. GLSA Vote: yes.

Vote: YES.

Added to pending GLSA request.

CVE-2011-3594 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3594): The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.

This issue was resolved and addressed in GLSA 201206-11 at http://security.gentoo.org/glsa/glsa-201206-11.xml by GLSA coordinator Stefan Behte (craig).
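The fix quoted from oss-security above is to validate the incoming string as UTF-8, correcting it if necessary, before it reaches g_markup_escape_text. The following C routine is an added illustration of that validate-and-salvage step, not Pidgin's or GLib's code: it is written without GLib so it builds stand-alone, rejects truncated, overlong and surrogate sequences, and replaces each offending byte with U+FFFD so the result is always well-formed for a UTF-8-only escaper (in a real libpurple build you would call g_utf8_validate() or purple_utf8_salvage() instead of hand-rolling this).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Return the length of the valid UTF-8 sequence starting at s (n bytes
 * available), or 0 if the bytes at s do not form a valid sequence. */
static size_t utf8_seq_len(const unsigned char *s, size_t n) {
    if (n == 0) return 0;
    unsigned char c = s[0];
    size_t len;
    uint32_t cp;
    if (c < 0x80) return 1;                             /* plain ASCII */
    if ((c & 0xE0) == 0xC0)      { len = 2; cp = c & 0x1F; }
    else if ((c & 0xF0) == 0xE0) { len = 3; cp = c & 0x0F; }
    else if ((c & 0xF8) == 0xF0) { len = 4; cp = c & 0x07; }
    else return 0;                        /* stray continuation byte or 0xF8..0xFF */
    if (n < len) return 0;                /* sequence truncated at end of buffer */
    for (size_t i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;            /* missing continuation */
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    /* Reject overlong encodings, UTF-16 surrogates and code points > U+10FFFF. */
    if ((len == 2 && cp < 0x80) || (len == 3 && cp < 0x800) ||
        (len == 4 && cp < 0x10000))
        return 0;
    if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
    return len;
}

/* Copy src into a freshly allocated string, replacing every byte that is not
 * part of a valid sequence with U+FFFD (EF BF BD). Output is always valid UTF-8,
 * so it is safe to pass on to a UTF-8-only escaper. Caller frees the result. */
char *utf8_salvage(const char *src) {
    size_t n = strlen(src);
    char *out = malloc(n * 3 + 1);        /* worst case: every byte -> 3-byte U+FFFD */
    if (out == NULL) return NULL;
    size_t o = 0;
    for (size_t i = 0; i < n;) {
        size_t len = utf8_seq_len((const unsigned char *)src + i, n - i);
        if (len > 0) { memcpy(out + o, src + i, len); o += len; i += len; }
        else         { memcpy(out + o, "\xEF\xBF\xBD", 3); o += 3; i++; }
    }
    out[o] = '\0';
    return out;
}
```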