OVAL

ELSA-2013-0646 -- Oracle pidgin

ID: oval:org.secpod.oval:def:1500125
Date: (C)2013-03-21   (M)2017-09-22
Class: PATCH
Family: unix




Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request.

A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username.

A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially-crafted UPnP response that, when processed, would crash Pidgin.

Red Hat would like to thank the Pidgin project for reporting the above issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2013-0272.

All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.

Platform:
Oracle Linux 6
Product:
pidgin
finch
Reference:
ELSA-2013-0646
CVE-2013-0274
CVE-2013-0273
CVE-2013-0272
CVE-2011-2485
CVE-2012-1178
CVE-2012-2318
CVE-2012-3374
CVE    7
CVE-2011-2485
CVE-2012-1178
CVE-2012-2318
CVE-2012-3374
...
CPE    54
cpe:/a:finch:finch
cpe:/a:pidgin:pidgin
cpe:/a:pidgin:pidgin:2.7.0
cpe:/a:pidgin:pidgin:2.7.1
...

© 2013 SecPod Technologies