Pidgin Security Vulnerabilities
Gary Kramlich
grim at reaperworld.com
Sun Jun 19 01:45:33 EDT 2016
On 06/13/2016 11:01 PM, Gary Kramlich wrote:
> *** The contents of this email are sensitive! Please do not share
> publicly until after the embargo date -- Tuesday 2016-06-21 at 17:00
> PST, 20:00 EST, 00:00 UTC ***
>
> Greetings Pidgin Packagers!
>
> I regret to inform you that we are disclosing a large number of security
> vulnerabilities in pidgin and libpurple. We will be releasing 2.11.0 in
> just under seven days on Tuesday June 21 at 00:00 UTC.
>
> Sorry for the tight timeline; this is my first security release and it
> hasn't gone exactly to plan. Likewise, if there's anything I could do
> better, please let me know.
>
> Also, we still need to request a CVE for the GnuTls issue mentioned below.
>
> Most of the issues are in the MXit protocol plugin which is not widely
> used. Please note that there is one patch for TALOS-CAN-0120,
> TALOS-CAN-0138, and TALOS-CAN-0140 as they share code paths and we avoid
> some conflicts by using a single patch.
>
> The other issue is in our initialization of GnuTls where we were not
> correctly checking return values.
>
> The provided patches [1] were all generated against the 2.11.0 branch
> that we will be releasing. That said, the patches have all been tested
> against the 2.10.12 release and apply cleanly aside from their ChangeLog
> entries. I have also provided a single patch that includes all of the
> fixes for the vulnerabilities if you find that easier to use.
>
> The final 2.11.0 tarball will be ready later this week as well and I
> will reply to this thread when it is ready.
Sorry for the long delay but the 2.11.0 tarballs are now available at
the URL below.
>
> [1] https://pidgin.im/~grim/pidgin-2.11.0-GxZgE6wvFUFbpNCCtyDnMkfHVGWZa8/
>
> Please let me know if you have any questions.
>
> Thanks,
>
> Gary Kramlich <grim at reaperworld.com>
>
> -----
>
> CVE-2016-xxxx
>
> x509 certificates may be improperly imported.
> Discovered by Yuan Kang and Suman Jana from Columbia University and
> Baishakhi Ray from the University of Virginia.
> This patch was written by dequis.
>
> -----
>
> TALOS-CAN-0118
>
> Pidgin MXIT read stage 0x3 Code Execution Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0119
>
> Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0120
> Pidgin MXIT get_utf8_string Code Execution Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0123
> Pidgin MXIT mxit_convert_markup_tx Information Leak Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0128
> Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0133
> Pidgin MXIT Markup Command Denial of Service Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0134
> Pidgin MXIT Table Command Denial of Service Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0135
> Pidgin MXIT Avatar Length Memory Disclosure Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0136
> Pidgin MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0137
> Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0138
> Pidgin MXIT Custom Resource Denial of Service Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0139
> Pidgin MXIT Extended Profiles Code Execution Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0140
> Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0141
> Pidgin MXIT Contact Mood Denial of Service Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0142
> Pidgin MXIT MultiMX Message Code Execution Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> TALOS-CAN-0143
> Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability
> Reported by Regina Wilson of Cisco Talos and was discovered by Yves
> Younan of Cisco Talos.
>
> -----
>
> *** The contents of this email are sensitive! Please do not share
> publicly until after the embargo date -- Tuesday 2016-06-21 at 17:00
> PST, 20:00 EST, 00:00 UTC ***