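Pidgin Multiple Denial of Service Vulnerabilities
Release date: 2010-02-18
Update date: 2010-02-26
Affected systems:
Pidgin Pidgin < 2.6.6
Unaffected systems:
Pidgin Pidgin 2.6.6
Description:
BUGTRAQ ID: 38294
CVE ID: CVE-2010-0277, CVE-2010-0420, CVE-2010-0423
Pidgin is an instant messaging client that supports multiple protocols.
Pidgin's MSN protocol implementation has an input validation flaw in the way it handles MSNSLP invitations. A remote attacker can send a specially crafted INVITE request to cause a denial of service (memory corruption and a Pidgin crash).
Finch's XMPP chat implementation has a denial of service vulnerability when multi-user chat is used. If a Finch user in a multi-user chat session changes their nickname to one containing the HTML br element, Finch crashes.
Pidgin has a denial of service vulnerability in the way it handles emoticon images. A remote attacker can send a large number of emoticon images to the victim during a conversation, causing excessive CPU usage.
<*Source: Fabian Yamaguchi
Links: http://secunia.com/advisories/38563/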
http://www.pidgin.im/news/security//?id=44
http://www.pidgin.im/news/security//?id=43
http://www.pidgin.im/news/security//?id=45
https://www.redhat.com/support/errata/RHSA-2010-0115.html
http://www.debian.org/security/2010/dsa-2038
*>
Recommendations:
Vendor patches:
Debian
------
Debian has released a security advisory (DSA-2038-2) and corresponding patches for this issue:
DSA-2038-2: New pidgin packages fix regression
Link: http://www.debian.org/security/2010/dsa-2038
Patch download:
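Patch installation:
1. Install the patch package manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch packages automatically with apt-get:
First, update the internal database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade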
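The manual path in method 1 hands dpkg a file fetched with wget, and dpkg -i does not check archive signatures, so the file should at least match the size and MD5 that DSA-2038-2 publishes for it. The shell function below is an added example, not part of the original advisory; `verify_deb` is a hypothetical name, and the checksum line is passed in the `Size/MD5 checksum: <bytes> <md5>` form the Debian advisory uses.

```shell
#!/bin/sh
# Added example (not from the advisory): check a downloaded .deb against the
# "Size/MD5 checksum: <bytes> <md5>" line published for it before dpkg -i.

# verify_deb FILE "Size/MD5 checksum: BYTES MD5"
# Returns 0 only when both the byte count and the MD5 digest match,
# 1 on a mismatch, 2 when the input cannot be used at all.
verify_deb() {
    file=$1
    line=$2

    # Split the advisory line into its two values; reject anything malformed.
    set -- $(printf '%s\n' "$line" |
        sed -n 's/^ *Size\/MD5 checksum: *\([0-9][0-9]*\) *\([0-9a-fA-F]\{32\}\) *$/\1 \2/p')
    [ $# -eq 2 ] || { echo "unparseable checksum line" >&2; return 2; }
    want_size=$1
    want_md5=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -f "$file" ] || { echo "$file: not a regular file" >&2; return 2; }

    have_size=$(wc -c < "$file" | tr -d ' ')
    have_md5=$(md5sum "$file" | cut -d' ' -f1)

    # Compare size first: a truncated download fails here without hashing doubts.
    if [ "$have_size" != "$want_size" ]; then
        echo "$file: size $have_size, advisory says $want_size" >&2
        return 1
    fi
    if [ "$have_md5" != "$want_md5" ]; then
        echo "$file: MD5 mismatch" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: sh verify.sh file.deb "Size/MD5 checksum: <bytes> <md5>"
# Installs only when the file matches the advisory line.
if [ $# -eq 2 ]; then
    verify_deb "$1" "$2" && dpkg -i "$1"
fi
```

MD5 catches a truncated or wrong download but is not collision resistant, so method 2 (apt-get), which checks the archive's signed metadata, remains the stronger path.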
RedHat
------
RedHat has released a security advisory (RHSA-2010:0115-01) and corresponding patches for this issue:
RHSA-2010:0115-01: Moderate: pidgin security update
Link: https://www.redhat.com/support/errata/RHSA-2010-0115.html
Pidgin
------
The vendor has released an upgrade that fixes this security issue; download it from the vendor's site:
http://developer.pidgin.im/wiki/ChangeLog
