A security vulnerability has been identified in the Pidgin package for the Fedora 14 operating system. Pidgin is used for real-time message exchange and supports a large number of protocols. The flaw is caused by an inadequate check of the return value of the "purple_base64_decode" function, which leads to a NULL pointer dereference. An attacker can exploit the vulnerability by delivering a maliciously crafted P2P message, which results in a denial of service. Users are advised to install the available patches.
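The defensive pattern for this class of bug, as an added C example that is not Pidgin's code: `demo_b64_decode`, `parse_payload` and the 8-byte `HDR_LEN` layout are hypothetical stand-ins. The caller rejects both a NULL decoder result and a decoded payload shorter than the header it is about to read.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN 8 /* hypothetical header size, not the real MSN P2P layout */

static int b64val(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Stand-in decoder (hypothetical): returns NULL on input it cannot decode,
 * which is the case the caller must handle. Caller frees the result. */
unsigned char *demo_b64_decode(const char *in, size_t *out_len) {
    size_t n = strlen(in), pad = 0, o = 0;
    if (n == 0 || n % 4 != 0) return NULL;
    if (in[n - 1] == '=') pad += (in[n - 2] == '=') ? 2 : 1;
    unsigned char *out = malloc(n / 4 * 3);
    if (out == NULL) return NULL;
    for (size_t i = 0; i < n; i += 4) {
        uint32_t v = 0;
        for (size_t j = i; j < i + 4; j++) {
            int d = (j >= n - pad) ? 0 : b64val(in[j]); /* padding counts as 0 */
            if (d < 0) { free(out); return NULL; }
            v = (v << 6) | (uint32_t)d;
        }
        out[o++] = (unsigned char)(v >> 16);
        out[o++] = (unsigned char)(v >> 8);
        out[o++] = (unsigned char)v;
    }
    *out_len = o - pad;
    return out;
}

/* Reads a little-endian 32-bit field at offset 4. Returns 0, or -1 if rejected.
 * The unchecked form would index buf right after decoding and crash on NULL. */
int parse_payload(const char *b64, uint32_t *field) {
    size_t len = 0;
    unsigned char *buf = demo_b64_decode(b64, &len);
    if (buf == NULL) return -1;                  /* decoder failed */
    if (len < HDR_LEN) { free(buf); return -1; } /* shorter than the header */
    *field = buf[4] | (uint32_t)buf[5] << 8 | (uint32_t)buf[6] << 16 | (uint32_t)buf[7] << 24;
    free(buf);
    return 0;
}

int main(void) { uint32_t f; return parse_payload("AAAAAAEAAAA=", &f); } /* constructed sample */
```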

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-19314
2010-12-30 19:54:18
--------------------------------------------------------------------------------

Name        : pidgin
Product     : Fedora 14
Version     : 2.7.9
Release     : 1.fc14
URL         : http://pidgin.im/
Summary     : A Gtk+ based multiprotocol instant messaging client
Description :
Pidgin allows you to talk to anyone using a variety of messaging
protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu,
ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and
Zephyr.  These protocols are implemented using a modular, easy to
use design.  To use a protocol, just add an account using the
account editor.

Pidgin supports many common features of other clients, as well as many
unique features, such as perl scripting, TCL scripting and C plugins.

Pidgin is not affiliated with or endorsed by America Online, Inc.,
Microsoft Corporation, Yahoo! Inc., or ICQ Inc.

--------------------------------------------------------------------------------
Update Information:

New release 2.7.9

Upstream ChangeLog:

http://developer.pidgin.im/wiki/ChangeLog
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 27 2010 Stu Tomlinson 2.7.9-1
- 2.7.9, includes security/DoS fix in the MSN protocol (#665856)
* Mon Nov 29 2010 Stu Tomlinson 2.7.7-1
- 2.7.7
- Disable MSNP16 due to regressions interacting with official client
* Fri Nov 19 2010 Stu Tomlinson 2.7.5-2
- Add additional intermediate CA certificates to fix MSN
* Mon Nov  1 2010 Stu Tomlinson 2.7.5-1
- 2.7.5
* Fri Oct 22 2010 Stu Tomlinson 2.7.4-1
- 2.7.4, includes security fix for CVE-2010-3711
* Tue Oct 12 2010 Milan Crha - 2.7.3-6
- Rebuild against newer evolution-data-server
* Wed Sep 29 2010 jkeating - 2.7.3-5
- Rebuilt for gcc bug 634757
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #665421 - Pidgin: MSN DirectConnect DoS (crash) after receiving a
short P2P message
        https://bugzilla.redhat.com/show_bug.cgi?id=665421
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update pidgin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce