Security Vulnerabilities in Pidgin 2.5.5
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
pidgin (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: pidgin
Multiple issues affecting Pidgin 2.5.5
See:
http://
http://
http://
http://
Basically:
The remote host is running Pidgin earlier than 2.5.6. Such versions are reportedly affected by multiple buffer overflow vulnerabilities:
- A buffer overflow is possible when initiating a file transfer to a malicious buddy over XMPP. (CVE-2009-1373)
- A buffer overflow issue in the 'decrypt_out()' function can be exploited through specially crafted 'QQ' packets.
- A buffer maintained by PurpleCircBuffer which is used by XMPP and Sametime protocol plugins can be corrupted if it's exactly full and then more bytes are added to it. (CVE-2009-1375)
- An integer-overflow issue exists in the application due to an incorrect typecasting of 'int64' to 'size_t'. (CVE-2009-1376)
This was fixed today in the following USNs:
http://www.ubuntu.com/usn/USN-781-1
http://www.ubuntu.com/usn/USN-781-2
For Karmic, there is a merge request in bug #380806.
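The int64-to-size_t issue listed above (CVE-2009-1376) belongs to a general bug class: a 64-bit length taken from the wire is narrowed to a smaller unsigned type before it is used as an allocation or copy size. The following is an added illustration of that class and of a checked conversion, not Pidgin's code or the upstream patch; the type `size32_t` (a stand-in for size_t on a 32-bit build) and both function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for size_t on a 32-bit build, so the
 * truncation is reproducible on a 64-bit host as well. */
typedef uint32_t size32_t;

/* Unchecked narrowing: the high 32 bits are silently dropped and
 * negative values wrap to very large sizes. */
static size32_t unchecked_len(int64_t wire_len)
{
    return (size32_t)wire_len;
}

/* Checked conversion: reject negative lengths, lengths that do not
 * fit, and lengths that would overflow once `extra` bytes (header,
 * terminator) are added. On success the total is stored in *out. */
static bool checked_alloc_len(int64_t wire_len, size32_t extra, size32_t *out)
{
    if (wire_len < 0)
        return false;
    if ((uint64_t)wire_len > (uint64_t)UINT32_MAX - extra)
        return false;
    *out = (size32_t)wire_len + extra;
    return true;
}

int main(void)
{
    /* Constructed sample lengths, not taken from any real packet. */
    const int64_t samples[] = { 1024, -1, INT64_C(0x100000010), UINT32_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size32_t n = 0;
        bool ok = checked_alloc_len(samples[i], 1, &n);
        printf("wire=%lld unchecked=%u checked=%s",
               (long long)samples[i], (unsigned)unchecked_len(samples[i]),
               ok ? "accepted" : "rejected");
        if (ok)
            printf(" (alloc %u)", (unsigned)n);
        putchar('\n');
    }
    return 0;
}
```

With the unchecked cast, a declared length of 0x100000010 becomes 16, so a buffer sized from the narrowed value is far smaller than the length the rest of the code still believes in.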