
openSUSE: 2013:0405-1 Important: Pidgin Buffer Overflow Threats

March 7, 2013
Crucial notice for openSUSE addressing various pidgin vulnerabilities. Strengthen your system's protection by applying these updates.
An update that fixes four vulnerabilities is now available.

Description

pidgin was updated to fix security issues:

- Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274)

- Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273)

- Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272)

- Fix a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271)

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.2:

      zypper in -t patch openSUSE-2013-177

- openSUSE 12.1:

      zypper in -t patch openSUSE-2013-177

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 12.2 (i586 x86_64):

finch-2.10.6-1.4.1
finch-debuginfo-2.10.6-1.4.1
finch-devel-2.10.6-1.4.1
libpurple-2.10.6-1.4.1
libpurple-debuginfo-2.10.6-1.4.1
libpurple-devel-2.10.6-1.4.1
libpurple-meanwhile-2.10.6-1.4.1
libpurple-meanwhile-debuginfo-2.10.6-1.4.1
libpurple-tcl-2.10.6-1.4.1
libpurple-tcl-debuginfo-2.10.6-1.4.1
pidgin-2.10.6-1.4.1
pidgin-debuginfo-2.10.6-1.4.1
pidgin-debugsource-2.10.6-1.4.1
pidgin-devel-2.10.6-1.4.1
pidgin-evolution-2.10.6-1.4.1
pidgin-evolution-debuginfo-2.10.6-1.4.1

- openSUSE 12.2 (noarch):

libpurple-branding-upstream-2.10.6-1.4.1
libpurple-lang-2.10.6-1.4.1

- openSUSE 12.1 (i586 x86_64):

finch-2.10.1-8.18.1
finch-debuginfo-2.10.1-8.18.1
finch-devel-2.10.1-8.18.1
libpurple-2.10.1-8.18.1
libpurple-debuginfo-2.10.1-8.18.1
libpurple-devel-2.10.1-8.18.1
libpurple-meanwhile-2.10.1-8.18.1
libpurple-meanwhile-debuginfo-2.10.1-8.18.1
libpurple-tcl-2.10.1-8.18.1
libpurple-tcl-debuginfo-2.10.1-8.18.1
pidgin-2.10.1-8.18.1
pidgin-debuginfo-2.10.1-8.18.1
pidgin-debugsource-2.10.1-8.18.1

pidgin-d...


References

https://www.suse.com/security/cve/CVE-2013-0271.html

https://www.suse.com/security/cve/CVE-2013-0272.html

https://www.suse.com/security/cve/CVE-2013-0273.html

https://www.suse.com/security/cve/CVE-2013-0274.html

Severity
important

Announcement ID: openSUSE-SU-2013:0405-1
Rating: important
Affected Products: openSUSE 12.2, openSUSE 12.1
