Gentoo: GLSA-201405-22: Pidgin: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details.
Resolution
All Pidgin users on HPPA or users of GNOME 3.8 and later on AMD64 or
X86 should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/pidgin-2.10.9-r1"
All Pidgin users on ALPHA, PPC, PPC64, SPARC, and users of GNOME before
3.8 on AMD64 and X86 should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/pidgin-2.10.9"
References
[ 1 ] CVE-2012-6152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6152
[ 2 ] CVE-2013-0271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0271
[ 3 ] CVE-2013-0272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0272
[ 4 ] CVE-2013-0273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0273
[ 5 ] CVE-2013-0274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0274
[ 6 ] CVE-2013-6477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6477
[ 7 ] CVE-2013-6478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6478
[ 8 ] CVE-2013-6479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6479
[ 9 ] CVE-2013-6481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6481
[ 10 ] CVE-2013-6482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6482
[ 11 ] CVE-2013-6483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6483
[ 12 ] CVE-2013-6484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6484
[ 13 ] CVE-2013-6485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6485
[ 14 ] CVE-2013-6487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6487
[ 15 ] CVE-2013-6489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6489
[ 16 ] CVE-2013-6490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6490
[ 17 ] CVE-2014-0020 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0020
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201405-22
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities in Pidgin may allow execution of arbitrary code.
Background
Pidgin is a GTK Instant Messenger client for a variety of instant messaging protocols.
Affected Packages
-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  net-im/pidgin               < 2.10.9                   >= 2.10.9
                                                         *>= 2.10.9-r1
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the Pidgin process, cause a Denial of Service condition, overwrite files, or spoof traffic.
Workaround
There is no known workaround at this time.