[CVE-2008-2955, -2956, -2957] Pidgin denial of service vulnerabilities

Bug #245769 reported by Till Ulen
Affects: pidgin (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Binary package hint: pidgin

CVE-2008-2955 description:

"Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2955

CVE-2008-2956 description:

"Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2956

CVE-2008-2957 description:

"The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2957

Till Ulen (tillulen) wrote :

Adding CVE links: CVE-2008-2955, CVE-2008-2956, CVE-2008-2957

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pidgin - 1:2.2.1-1ubuntu4.3

---------------
pidgin (1:2.2.1-1ubuntu4.3) gutsy-security; urgency=low

  * SECURITY UPDATE: code execution via integer overflow in the MSN protocol
    handler (LP: #245770)
    - debian/patches/99_SECURITY_CVE-2008-2927.patch: fix
      msn_slplink_process_msg() in src/protocols/msn/slplink.c by checking
      against maximum size G_MAXSIZE.
    - CVE-2008-2927
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - debian/patches/99_SECURITY_CVE-2008-2955.patch: change
      src/protocols/msn/[slplink.c,slpcall.*] to make sure xfer structure still
      exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: denial of service via resource exhaustion from arbitrary
    URL in UPnP functionality (LP: #245769)
    - debian/patches/99_SECURITY_CVE-2008-2957.patch: modified
      libpurple/[upnp.c,util.*] to add purple_util_fetch_url_request_len() in
      order to limit http downloads to 128k.
    - CVE-2008-2957
  * SECURITY UPDATE: man in the middle attack from lack of certificate
    validation in nss plugin (LP: #251304)
    - debian/patches/99_SECURITY_CVE-2008-3532.patch: modified
      libpurple/plugins/ssl/ssl-nss.c to add certificate validation code.
    - CVE-2008-3532

 -- Marc Deslauriers <email address hidden> Thu, 20 Nov 2008 15:54:34 -0500

Changed in pidgin:
status: New → Fix Released
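The CVE-2008-2957 entry in the changelog above caps HTTP downloads at 128k. The following is an added example, not code from the Pidgin patch or from this bug report, showing how such a cap can be enforced while a response is accumulated; `fetch_buf`, its functions and `simulate_fetch` are hypothetical names, and the input is constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define FETCH_MAX_LEN ((size_t)128 * 1024) /* the 128k limit from the changelog */

/* Hypothetical response buffer for this example; not a libpurple structure. */
struct fetch_buf { char *data; size_t len; size_t max_len; };

void fetch_buf_init(struct fetch_buf *b, size_t max_len) { b->data = NULL; b->len = 0; b->max_len = max_len; }

void fetch_buf_free(struct fetch_buf *b) { free(b->data); b->data = NULL; b->len = 0; }

/* Append one received chunk. Returns 0 on success, -1 when the chunk would
 * take the response past max_len (the caller aborts the transfer) or when
 * allocation fails. len <= max_len always holds, so the subtraction cannot
 * underflow, and len + n is never computed before it is known to fit. */
int fetch_buf_append(struct fetch_buf *b, const char *chunk, size_t n) {
    char *p;
    if (n > b->max_len - b->len) return -1;
    if (n == 0) return 0;
    p = realloc(b->data, b->len + n);
    if (p == NULL) return -1;
    memcpy(p + b->len, chunk, n);
    b->data = p; b->len += n;
    return 0;
}

/* Constructed input: deliver `total` bytes in `chunk`-sized pieces, as the
 * server behind an arbitrary URL could. Returns the bytes kept, -1 if the
 * transfer was aborted at the cap, -2 for an unusable chunk size. */
long simulate_fetch(size_t total, size_t chunk) {
    struct fetch_buf b;
    char piece[4096];
    size_t sent = 0;
    long kept;
    if (chunk == 0 || chunk > sizeof piece) return -2;
    memset(piece, 'A', sizeof piece);
    fetch_buf_init(&b, FETCH_MAX_LEN);
    while (sent < total) {
        size_t n = (total - sent < chunk) ? total - sent : chunk;
        if (fetch_buf_append(&b, piece, n) != 0) { fetch_buf_free(&b); return -1; }
        sent += n;
    }
    kept = (long)b.len;
    fetch_buf_free(&b);
    return kept;
}
```

Rejecting the chunk before storing it bounds memory use regardless of what length the remote server advertises or actually sends.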
This report contains Public Security information  
Everyone can see this security related information.
