Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[security-announce] SUSE-SU-2013:0388-1: important: Security update for pidgin

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

SUSE Security Update: Security update for pidgin

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2013:0388-1

Rating: important

References: #804742

Cross-References: CVE-2013-0271 CVE-2013-0272 CVE-2013-0273

CVE-2013-0274

Affected Products:

SUSE Linux Enterprise Software Development Kit 11 SP2

SUSE Linux Enterprise Desktop 11 SP2

SUSE Linux Enterprise Desktop 10 SP4

SLE SDK 10 SP4

______________________________________________________________________________

 

An update that fixes four vulnerabilities is now available.

 

Description:

 

 

pidgin was updated to fix 4 security issues:

 

* Fixed a crash when receiving UPnP responses with

abnormally long values. (CVE-2013-0274, bnc#804742)

* Fixed a crash in Sametime protocol when a malicious

server sends us an abnormally long user ID. (CVE-2013-0273,

bnc#804742)

* Fixed a bug where the MXit server or a

man-in-the-middle could potentially send specially crafted

data that could overflow a buffer and lead to a crash or

remote code execution.(CVE-2013-0272, bnc#804742)

* Fixed a bug where a remote MXit user could possibly

specify a local file path to be written to. (CVE-2013-0271,

bnc#804742)

 

Security Issue references:

 

* CVE-2013-0271

 

* CVE-2013-0272

 

* CVE-2013-0273

 

* CVE-2013-0274

 

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Linux Enterprise Software Development Kit 11 SP2:

 

zypper in -t patch sdksp2-finch-7429

 

- SUSE Linux Enterprise Desktop 11 SP2:

 

zypper in -t patch sledsp2-finch-7429

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

 

finch-2.6.6-0.19.1

finch-devel-2.6.6-0.19.1

libpurple-2.6.6-0.19.1

libpurple-devel-2.6.6-0.19.1

libpurple-lang-2.6.6-0.19.1

pidgin-2.6.6-0.19.1

pidgin-devel-2.6.6-0.19.1

 

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

 

finch-2.6.6-0.19.1

libpurple-2.6.6-0.19.1

libpurple-lang-2.6.6-0.19.1

libpurple-meanwhile-2.6.6-0.19.1

libpurple-tcl-2.6.6-0.19.1

pidgin-2.6.6-0.19.1

 

- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

 

finch-2.6.6-0.20.1

libpurple-2.6.6-0.20.1

pidgin-2.6.6-0.20.1

 

- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

 

finch-2.6.6-0.20.1

finch-devel-2.6.6-0.20.1

libpurple-2.6.6-0.20.1

libpurple-devel-2.6.6-0.20.1

pidgin-2.6.6-0.20.1

pidgin-devel-2.6.6-0.20.1

 

 

References:

 

http://support.novell.com/security/cve/CVE-2013-0271.html

http://support.novell.com/security/cve/CVE-2013-0272.html

http://support.novell.com/security/cve/CVE-2013-0273.html

http://support.novell.com/security/cve/CVE-2013-0274.html

https://bugzilla.novell.com/804742

http://download.novell.com/patch/finder/?keywords=18e124b7db8b5f6aa5744f916ed16466

http://download.novell.com/patch/finder/?keywords=51b5f7c142afdeafafca33c1a4681683

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×