Pidgin OSCAR Plugin Invalid Memory Access Denial of Service Vulnerability

Published: 2009-10-16
Updated: 2009-10-20

Affected systems:
Pidgin Pidgin 2.x
Unaffected systems:
Pidgin Pidgin 2.6.3
Description:
BUGTRAQ ID: 36719
CVE(CAN) ID: CVE-2009-3615

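Pidgin is an instant messaging client that supports multiple protocols.

The OSCAR protocol plugin in Pidgin has an invalid memory access vulnerability when processing specially crafted ICQ messages. The vulnerability can be triggered when a SIM IM client attempts to send contacts to a libpurple user, causing Pidgin to crash.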

<*Source: nightwing666

  Link: http://secunia.com/advisories/37072/
        http://www.pidgin.im/news/security/?id=41
        https://www.redhat.com/support/errata/RHSA-2009-1535.html
        https://www.redhat.com/support/errata/RHSA-2009-1536.html
        http://www.debian.org/security/2009/dsa-1932
*>

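Recommendation:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1932-1) and corresponding patches for this issue:
DSA-1932-1: New pidgin packages fix arbitrary code execution
Link: http://www.debian.org/security/2009/dsa-1932

Patch downloads (packages for version 2.4.3-4lenny5):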

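Patch installation:

1. Install the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch packages automatically with apt-get:

   First, update the internal package database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade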

RedHat
------
RedHat has released a security advisory (RHSA-2009:1536-01) and corresponding patches for this issue:
RHSA-2009:1536-01: Moderate: pidgin security update
Link: https://www.redhat.com/support/errata/RHSA-2009-1536.html

Pidgin
------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site:

http://developer.pidgin.im/viewmtn/revision/info/781682333aea0c801d280c3507ee25552a60bfc0

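This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.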