[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2012:1102-01 -- Redhat pidgin and finch

ID: oval:org.secpod.oval:def:500853Date: (C)2012-08-25   (M)2023-12-02
Class: PATCHFamily: unix




Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN message. An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN notification message. A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A remote attacker could use this flaw to crash Pidgin by sending a MXit message containing specially-crafted emoticon tags. Red Hat would like to thank the Pidgin project for reporting the CVE-2012-3374 issue. Upstream acknowledges Ulf Harnhammar as the original reporter of CVE-2012-3374. All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.

Platform:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product:
pidgin
finch
Reference:
RHSA-2012:1102-01
CVE-2012-1178
CVE-2012-2318
CVE-2012-3374
CVE    3
CVE-2012-1178
CVE-2012-3374
CVE-2012-2318
CPE    53
cpe:/a:finch:finch
cpe:/a:pidgin:pidgin:2.7.9
cpe:/o:redhat:enterprise_linux:5
cpe:/a:pidgin:pidgin:2.1.0
...

© SecPod Technologies