USN-2390-1: Pidgin vulnerabilities

Ubuntu Security Notice USN-2390-1


28th October, 2014




A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 14.10

  • Ubuntu 14.04 LTS

  • Ubuntu 12.04 LTS


Summary


Several security issues were fixed in Pidgin.


Software description



  • pidgin - graphical multi-protocol instant messaging client for X


Details


Jacob Appelbaum and an anonymous person discovered that Pidgin incorrectly
handled certificate validation. A remote attacker could exploit this to
perform a man-in-the-middle attack to view sensitive information or alter
encrypted communications. (CVE-2014-3694)


Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled
certain malformed MXit emoticons. A malicious remote server or a man in the
middle could use this issue to cause Pidgin to crash, resulting in a denial
of service. (CVE-2014-3695)


Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled
certain malformed Groupwise messages. A malicious remote server or a man in
the middle could use this issue to cause Pidgin to crash, resulting in a
denial of service. (CVE-2014-3696)


Thijs Alkemade and Paul Aurich discovered that Pidgin incorrectly handled
memory when processing XMPP messages. A malicious remote server or user
could use this issue to cause Pidgin to disclose arbitrary memory,
resulting in an information leak. (CVE-2014-3698)


Update instructions


The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10:
  pidgin 1:2.10.9-0ubuntu7.1
  libpurple0 1:2.10.9-0ubuntu7.1

Ubuntu 14.04 LTS:
  pidgin 1:2.10.9-0ubuntu3.2
  libpurple0 1:2.10.9-0ubuntu3.2

Ubuntu 12.04 LTS:
  pidgin 1:2.10.3-0ubuntu1.6
  libpurple0 1:2.10.3-0ubuntu1.6


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


After a standard system update you need to restart Pidgin to make all the
necessary changes.
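A defender-side check of the package versions listed above, added here as an example and not part of the notice: it reimplements the dpkg version ordering (epoch, upstream, revision, with `~` sorting first) so saved `dpkg-query -W -f='${Package} ${Version}\n'` output can be compared against the fixed versions offline. The `FIXED` table is taken from the notice; `compare_versions`, `unpatched` and the sample output are this example's own constructions.

```python
import re
# Fixed versions published in USN-2390-1 (the same numbers as in the notice above)
FIXED = {
    "14.10": {"pidgin": "1:2.10.9-0ubuntu7.1", "libpurple0": "1:2.10.9-0ubuntu7.1"},
    "14.04": {"pidgin": "1:2.10.9-0ubuntu3.2", "libpurple0": "1:2.10.9-0ubuntu3.2"},
    "12.04": {"pidgin": "1:2.10.3-0ubuntu1.6", "libpurple0": "1:2.10.3-0ubuntu1.6"},
}

def _order(c):  # dpkg order: '~' sorts before end-of-string (0), letters before symbols
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    # dpkg algorithm: alternate non-digit runs (by _order) and digit runs (numerically)
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            oa = _order(na[i]) if i < len(na) else 0
            ob = _order(nb[i]) if i < len(nb) else 0
            if oa != ob:
                return -1 if oa < ob else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision is ""
    epoch, _, rest = version.partition(":") if ":" in version else ("0", "", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Order two Debian versions like dpkg --compare-versions: -1, 0 or 1."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def unpatched(release, dpkg_output):
    """(package, installed, fixed) for each listed package still below the fixed version."""
    fixed = FIXED[release]
    pairs = (line.split() for line in dpkg_output.splitlines() if line.strip())
    return [(pkg, have, fixed[pkg]) for pkg, have in pairs
            if pkg in fixed and compare_versions(have, fixed[pkg]) < 0]

# Constructed dpkg-query output from a 14.04 host where only libpurple0 was upgraded
SAMPLE_14_04 = "pidgin 1:2.10.9-0ubuntu3.1\nlibpurple0 1:2.10.9-0ubuntu3.2\n"
```

On a real host, feed `unpatched` the actual `dpkg-query` output and the release from `/etc/lsb-release`; an empty result means both packages are at or above the fixed version.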


References


CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3698
