
Debian: DSA-2859-1 Critical: Pidgin DoS Issues Require Immediate Update

February 10, 2014
Critical weaknesses in Pidgin mandate immediate measures to enhance security and stability within Debian systems.

Summary

Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol
instant messaging client:

CVE-2013-6477

Jaime Breva Ribes discovered that a remote XMPP user can trigger a
crash by sending a message with a timestamp in the distant future.

CVE-2013-6478

Pidgin could be crashed through overly wide tooltip windows.

CVE-2013-6479

Jacob Appelbaum discovered that a malicious server or a "man in the
middle" could send a malformed HTTP header resulting in denial of
service.

CVE-2013-6481

Daniel Atallah discovered that Pidgin could be crashed through
malformed Yahoo! P2P messages.

CVE-2013-6482

Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin
could be crashed through malformed MSN messages.

CVE-2013-6483

Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin
could be crashed through malformed XMPP messages.

CVE-2013-6484

It was discovered that incorrect error handling when reading the
response from a STUN server could...


Severity: critical

Package: pidgin
CVE ID: CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481
