USN-1273-1: Pidgin vulnerabilities

Releases

• Ubuntu 11.04
• Ubuntu 10.10
• Ubuntu 10.04

Packages

• pidgin - graphical multi-protocol instant messaging client for X

Details

Marius Wachtler discovered that Pidgin incorrectly handled malformed YMSG
messages in the Yahoo! protocol handler. A remote attacker could send a
specially crafted message and cause Pidgin to crash, leading to a denial
of service. This issue only affected Ubuntu 10.04 LTS and 10.10.
(CVE-2011-1091)

Marius Wachtler discovered that Pidgin incorrectly handled HTTP 100
responses in the MSN protocol handler. A remote attacker could send a
specially crafted message and cause Pidgin to crash, leading to a denial
of service. (CVE-2011-3184)

Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8
sequences in the SILC protocol handler. A remote attacker could send a
specially crafted message and cause Pidgin to crash, leading to a denial
of service. (CVE-2011-3594)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.04

• pidgin - 1:2.7.11-1ubuntu2.1

Ubuntu 10.10

• pidgin - 1:2.7.3-1ubuntu3.3

Ubuntu 10.04

• pidgin - 1:2.6.6-1ubuntu4.4

After a standard system update you need to restart Pidgin to make
all the necessary changes.

References

• CVE-2011-1091
• CVE-2011-3594
• CVE-2011-3184