OVAL

RHSA-2009:1453-01 -- Redhat pidgin and finch

ID: oval:org.secpod.oval:def:500610
Date: (C)2012-01-31   (M)2024-01-29
Class: PATCH
Family: unix




Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Info/Query is an Extensible Messaging and Presence Protocol specific request-response mechanism.

A NULL pointer dereference flaw was found in the way the Pidgin XMPP protocol plug-in processes IQ error responses when trying to fetch a custom smiley. A remote client could send a specially-crafted IQ error response that would crash Pidgin.

A NULL pointer dereference flaw was found in the way the Pidgin IRC protocol plug-in handles IRC topics. A malicious IRC server could send a specially-crafted IRC TOPIC message, which once received by Pidgin, would lead to a denial of service.

It was discovered that, when connecting to certain, very old Jabber servers via XMPP, Pidgin may ignore the "Require SSL/TLS" setting. In these situations, a non-encrypted connection is established rather than the connection failing, causing the user to believe they are using an encrypted connection when they are not, leading to sensitive information disclosure.

A NULL pointer dereference flaw was found in the way the Pidgin MSN protocol plug-in handles improper MSNSLP invitations. A remote attacker could send a specially-crafted MSNSLP invitation request, which once accepted by a valid Pidgin user, would lead to a denial of service.

These packages upgrade Pidgin to version 2.6.2. Pidgin must be restarted for this update to take effect.

Platform:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
Product:
pidgin
finch
Reference:
RHSA-2009:1453-01
CVE-2009-2703
CVE-2009-3026
CVE-2009-3083
CVE-2009-3085
CPE    30
cpe:/a:finch:finch
cpe:/a:pidgin:pidgin:2.0.0
cpe:/o:redhat:enterprise_linux:5
cpe:/a:pidgin:pidgin:2.0.1
...

© SecPod Technologies