OVAL

ELSA-2013-0646 -- Oracle pidgin

ID: oval:org.secpod.oval:def:1500125
Date: (C)2013-03-21   (M)2018-06-20
Class: PATCH
Family: unix




Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request.

A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username.

A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially-crafted UPnP response that, when processed, would crash Pidgin.

Red Hat would like to thank the Pidgin project for reporting the above issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2013-0272.

All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.

Platform:
Oracle Linux 6
Product:
pidgin
finch
Reference:
ELSA-2013-0646
CVE-2013-0274
CVE-2013-0273
CVE-2013-0272
CVE-2011-2485
CVE-2012-1178
CVE-2012-2318
CVE-2012-3374
CVE    7
CVE-2011-2485
CVE-2013-0272
CVE-2013-0273
CVE-2013-0274
...
CPE    54
cpe:/a:pidgin:pidgin:2.7.9
cpe:/a:pidgin:pidgin:2.1.0
cpe:/a:pidgin:pidgin:2.1.1
cpe:/a:pidgin:pidgin:2.3.0
...

© SecPod Technologies