CVE-2009-1376
Published: 26 May 2009
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gaim Launchpad, Ubuntu, Debian |
dapper |
Released
(1:1.5.0+1.5.1cvs20051015-1ubuntu10.2)
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| upstream |
Released
(2.5.6)
|
|
|
pidgin Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| feisty |
Does not exist
|
|
| hardy |
Released
(1:2.4.1-1ubuntu2.4)
|
|
| intrepid |
Released
(1:2.5.2-0ubuntu1.2)
|
|
| jaunty |
Released
(1:2.5.5-1ubuntu8.1)
|
|
| upstream |
Released
(2.5.6)
|
|
|
Patches: upstream: http://developer.pidgin.im/viewmtn/revision/info/9dd1c4c3db68a80dbf157a0c0bc0c723e42b7a6e |
||