Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -8 articles for you...
200

Scientific Linux: SLSA-2014:0139-1 Moderate: Pidgin Denial Of Service

Moderate: pidgin security update. Date: Wed, 5 Feb 2014 19:02:44 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Bonnie King Subject: Security ERRATA Moderate: pidgin on SL5.x, SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: pidgin security update Advisory ID: SLSA-2014:0139-1 Issue Date: 2014-02-05 CVE Numbers: CVE-2012-6152 CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6487 CVE-2013-6489 CVE-2013-6490 CVE-2014-0020 -- A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. (CVE-2013-6485) Multiple heap-based buffer overflow flaws were found in several protocol plug-ins in Pidgin (Gadu-Gadu, MXit, SIMPLE). A malicious server could send a specially crafted message, causing Pidgin to crash or potentially execute arbitrary code with the permissions of the user running Pidgin. (CVE-2013-6487, CVE-2013-6489, CVE-2013-6490) Multiple denial of service flaws were found in several protocol plug-ins in Pidgin (Yahoo!, XMPP, MSN, stun, IRC). A remote attacker could use these flaws to crash Pidgin by sending a specially crafted message. (CVE-2012-6152, CVE-2013-6477, CVE-2013-6481, CVE-2013-6482, CVE-2013-6484, CVE-2014-0020) It was found that the Pidgin XMPP protocol plug-in did not verify the origin of "iq" replies. A remote attacker could use this flaw to spoof an "iq" reply, which could lead to injection of fake data or cause Pidgin to crash via a NULL pointer dereference. (CVE-2013-6483) A flaw was found in the way Pidgin parsed certain HTTP response headers. A remote attacker could use this flaw to crash Pidgin via a specially crafted HTTP response header. (CVE-2013-6479) It was found that Pidgin crashed when a mouse pointer was hovered over a long URL. Aremote attacker could use this flaw to crash Pidgin by sending a message containing a long URL string. (CVE-2013-6478) Pidgin must be restarted for this update to take effect. -- SL5 x86_64 finch-2.6.6-32.el5.i386.rpm finch-2.6.6-32.el5.x86_64.rpm libpurple-2.6.6-32.el5.i386.rpm libpurple-2.6.6-32.el5.x86_64.rpm libpurple-perl-2.6.6-32.el5.x86_64.rpm libpurple-tcl-2.6.6-32.el5.x86_64.rpm pidgin-2.6.6-32.el5.i386.rpm pidgin-2.6.6-32.el5.x86_64.rpm pidgin-debuginfo-2.6.6-32.el5.i386.rpm pidgin-debuginfo-2.6.6-32.el5.x86_64.rpm pidgin-perl-2.6.6-32.el5.x86_64.rpm finch-devel-2.6.6-32.el5.i386.rpm finch-devel-2.6.6-32.el5.x86_64.rpm libpurple-devel-2.6.6-32.el5.i386.rpm libpurple-devel-2.6.6-32.el5.x86_64.rpm pidgin-devel-2.6.6-32.el5.i386.rpm pidgin-devel-2.6.6-32.el5.x86_64.rpm i386 finch-2.6.6-32.el5.i386.rpm libpurple-2.6.6-32.el5.i386.rpm libpurple-perl-2.6.6-32.el5.i386.rpm libpurple-tcl-2.6.6-32.el5.i386.rpm pidgin-2.6.6-32.el5.i386.rpm pidgin-debuginfo-2.6.6-32.el5.i386.rpm pidgin-perl-2.6.6-32.el5.i386.rpm finch-devel-2.6.6-32.el5.i386.rpm libpurple-devel-2.6.6-32.el5.i386.rpm pidgin-devel-2.6.6-32.el5.i386.rpm SL6 x86_64 libpurple-2.7.9-27.el6.i686.rpm libpurple-2.7.9-27.el6.x86_64.rpm pidgin-2.7.9-27.el6.x86_64.rpm pidgin-debuginfo-2.7.9-27.el6.i686.rpm pidgin-debuginfo-2.7.9-27.el6.x86_64.rpm finch-2.7.9-27.el6.i686.rpm finch-2.7.9-27.el6.x86_64.rpm finch-devel-2.7.9-27.el6.i686.rpm finch-devel-2.7.9-27.el6.x86_64.rpm libpurple-devel-2.7.9-27.el6.i686.rpm libpurple-devel-2.7.9-27.el6.x86_64.rpm libpurple-perl-2.7.9-27.el6.x86_64.rpm libpurple-tcl-2.7.9-27.el6.x86_64.rpm pidgin-devel-2.7.9-27.el6.i686.rpm pidgin-devel-2.7.9-27.el6.x86_64.rpm pidgin-docs-2.7.9-27.el6.x86_64.rpm pidgin-perl-2.7.9-27.el6.x86_64.rpm i386 libpurple-2.7.9-27.el6.i686.rpm pidgin-2.7.9-27.el6.i686.rpm pidgin-debuginfo-2.7.9-27.el6.i686.rpm finch-2.7.9-27.el6.i686.rpm finch-devel-2.7.9-27.el6.i686.rpm libpurple-devel-2.7.9-27.el6.i686.rpm libpurple-perl-2.7.9-27.el6.i686.rpm libpurple-tcl-2.7.9-27.el6.i686.rpm pidgin-devel-2.7.9-27.el6.i686.rpm pidgin-docs-2.7.9-27.el6.i686.rpm pidgin-perl-2.7.9-27.el6.i686.rpm - Scientific Linux Development Team . Cautious pidgin security notice regarding enhancements for heap memory corruption and service interruption vulnerabilities. Updating is advised.. Pidgin Update, Scientific Linux Advisory, Heap Overflow, Remote Crash. . LinuxSecurity.com Team

Calendar%202 Feb 05, 2014 Scientific Linux
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200