OVAL

ELSA-2013-0646 -- Oracle pidgin

ID: oval:org.secpod.oval:def:1500125
Date: (C)2013-03-21   (M)2022-10-10
Class: PATCH
Family: unix




Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request.

A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username.

A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially-crafted UPnP response that, when processed, would crash Pidgin.

Red Hat would like to thank the Pidgin project for reporting the above issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2013-0272.

All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.

Platform:
Oracle Linux 6
Product:
pidgin
finch
Reference:
ELSA-2013-0646
CVE-2013-0274
CVE-2013-0273
CVE-2013-0272
CVE    3
CVE-2013-0272
CVE-2013-0273
CVE-2013-0274
CPE    54
cpe:/a:finch:finch
cpe:/a:pidgin:pidgin:2.7.9
cpe:/a:pidgin:pidgin:2.1.0
cpe:/a:pidgin:pidgin:2.1.1
...

© SecPod Technologies