Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1430019 - (CVE-2017-2640) CVE-2017-2640 pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML
CVE-2017-2640 pidgin: Out-of-bounds write in purple_markup_unescape_entity tr...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20170310,repor...
: Security
: 1428500 (view as bug list)
Depends On: 1431018 1431022
Blocks: 1415638 1428501 1430021
  Show dependency treegraph
 
Reported: 2017-03-07 11:41 EST by Adam Mariš
Modified: 2018-04-26 04:45 EDT (History)
11 users (show)

See Also:
Fixed In Version: pidgin 2.12.0
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds write flaw was found in the way Pidgin processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-04-25 07:26:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Upstream patch (1.09 KB, patch)
2017-03-07 11:53 EST, Adam Mariš 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:1854 normal SHIPPED_LIVE Moderate: pidgin security, bug fix, and enhancement update 2017-08-01 14:23:14 EDT

  None (edit)
Description Adam Mariš 2017-03-07 11:41:12 EST 
An out-of-bounds write vulnerability was found in purple_markup_unescape_entity. It can be triggered by sending invalid XML entities separated by whitespace, eg "ஸ". In default installation, this can get called only when receiving data from a server.

Upstream patch(es):

https://bitbucket.org/pidgin/main/commits/6745ecd124da91d6711ebab8812247bcd785939a
https://bitbucket.org/pidgin/main/commits/b2fc9e774cb9bf6bffcafa156c14a4c7b3640837
Comment 1 Adam Mariš 2017-03-07 11:41:19 EST 
Acknowledgments:

Name: the Pidgin project
Comment 2 Adam Mariš 2017-03-07 11:53 EST 
Created attachment 1260886 [details]
Upstream patch
Comment 3 Dhiru Kholia 2017-03-10 03:24:24 EST 
Created pidgin tracking bugs for this issue:

Affects: fedora-all [bug 1431018]
Comment 4 Dhiru Kholia 2017-03-10 03:25:17 EST 
Public via https://pidgin.im/news/security/ page.
Comment 7 Andrej Nemec 2017-03-10 03:55:00 EST 
*** Bug 1428500 has been marked as a duplicate of this bug. ***
Comment 8 Debarshi Ray 2017-03-28 08:43:38 EDT 
Upstream fixes (from the Git mirror):

commit 2f79c62fde05b7e24dfaa421a03529ec593a7190
Author: Eion Robb <eionrobb@gmail.com>
Date:   Mon Feb 20 21:05:32 2017 +0000

    Use the more robust entity processing that @dequisdequis came up with
    
    --HG--
    branch : EionRobb/fix-for-crash-when-sending-invalid-xml-e-1487474010880

commit f2e987f01f58202d8a9b665eb1d8e1152fe399a2
Author: Eion Robb <eionrobb@gmail.com>
Date:   Sun Feb 19 03:13:47 2017 +0000

    Fix for crash when sending invalid xml entities separated by whitespace, eg "&# 3000;"
    
    --HG--
    branch : EionRobb/fix-for-crash-when-sending-invalid-xml-e-1487474010880
Comment 9 errata-xmlrpc 2017-08-01 16:21:11 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:1854 https://access.redhat.com/errata/RHSA-2017:1854
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.