ID CVE-2010-0423 Type cve Reporter cve@mitre.org Modified 2017-09-19T01:30:00
Description
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.
{"openvas": [{"lastseen": "2017-07-24T12:49:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update to pidgin\nannounced via advisory DSA 2038-1.", "modified": "2017-07-07T00:00:00", "published": "2010-05-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67339", "id": "OPENVAS:67339", "title": "Debian Security Advisory DSA 2038-1 (pidgin)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2038_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2038-1 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in Pidgin, a multi\nprotocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-0420\n\nCrafted nicknames in the XMPP protocol can crash Pidgin remotely.\n\nCVE-2010-0423\n\nRemote contacts may send too many custom smilies, crashing Pidgin.\n\nSince a few months, Microsoft's servers for MSN have changed the protocol,\nmaking Pidgin non-functional for use with MSN. It is not feasible to port\nthese changes to the version of Pidgin in Debian Lenny. This update\nformalises that situation by disabling the protocol in the client. Users\nof the MSN protocol are advised to use the version of Pidgin in the\nrepositories of www.backports.org.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny6.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6.6-1.\n\nWe recommend that you upgrade your pidgin package.\";\ntag_summary = \"The remote host is missing an update to pidgin\nannounced via advisory DSA 2038-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202038-1\";\n\n\nif(description)\n{\n script_id(67339);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-04 05:52:15 +0200 (Tue, 04 May 2010)\");\n script_cve_id(\"CVE-2010-0420\", \"CVE-2010-0423\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 2038-1 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:05:31", "bulletinFamily": "scanner", "description": "The remote host is missing an update to pidgin\nannounced via advisory DSA 2038-1.", "modified": "2018-01-25T00:00:00", "published": "2010-05-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067339", "id": "OPENVAS:136141256231067339", "title": "Debian Security Advisory DSA 2038-1 (pidgin)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2038_1.nasl 8528 2018-01-25 07:57:36Z teissa $\n# Description: Auto-generated from advisory DSA 2038-1 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in Pidgin, a multi\nprotocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-0420\n\nCrafted nicknames in the XMPP protocol can crash Pidgin remotely.\n\nCVE-2010-0423\n\nRemote contacts may send too many custom smilies, crashing Pidgin.\n\nSince a few months, Microsoft's servers for MSN have changed the protocol,\nmaking Pidgin non-functional for use with MSN. It is not feasible to port\nthese changes to the version of Pidgin in Debian Lenny. This update\nformalises that situation by disabling the protocol in the client. Users\nof the MSN protocol are advised to use the version of Pidgin in the\nrepositories of www.backports.org.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny6.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6.6-1.\n\nWe recommend that you upgrade your pidgin package.\";\ntag_summary = \"The remote host is missing an update to pidgin\nannounced via advisory DSA 2038-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202038-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67339\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-04 05:52:15 +0200 (Tue, 04 May 2010)\");\n script_cve_id(\"CVE-2010-0420\", \"CVE-2010-0423\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 2038-1 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.4.3-4lenny6\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:54", "bulletinFamily": "scanner", "description": "The remote host is missing an update to pidgin\nannounced via advisory DSA 2038-3.", "modified": "2019-03-18T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:136141256231068661", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068661", "title": "Debian Security Advisory DSA 2038-3 (pidgin)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2038_3.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2038-3 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68661\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 17:55:59 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2010-0420\", \"CVE-2010-0423\");\n script_name(\"Debian Security Advisory DSA 2038-3 (pidgin)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB5\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202038-3\");\n script_tag(name:\"insight\", value:\"The packages for Pidgin released as DSA 2038-2 had a regression, as they\nunintentionally disabled the Silc, Simple, and Yahoo instant messaging\nprotocols. This update restore that functionality. For reference the\noriginal advisory text below.\n\nSeveral remote vulnerabilities have been discovered in Pidgin, a multi\nprotocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-0420\n\nCrafted nicknames in the XMPP protocol can crash Pidgin remotely.\n\nCVE-2010-0423\n\nRemote contacts may send too many custom smilies, crashing Pidgin.\n\nSince a few months, Microsoft's servers for MSN have changed the protocol,\nmaking Pidgin non-functional for use with MSN. It is not feasible to port\nthese changes to the version of Pidgin in Debian Lenny. This update\nformalises that situation by disabling the protocol in the client. Users\nof the MSN protocol are advised to use the version of Pidgin in the\nrepositories of backports.org.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny8.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6.6-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your pidgin package.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to pidgin\nannounced via advisory DSA 2038-3.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.4.3-4lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.4.3-4lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.4.3-4lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.4.3-4lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.4.3-4lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.4.3-4lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"finch\", ver:\"2.4.3-4lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.4.3-4lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.4.3-4lenny8\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:49:07", "bulletinFamily": "scanner", "description": "The remote host is missing an update to pidgin\nannounced via advisory DSA 2038-2.", "modified": "2017-07-07T00:00:00", "published": "2010-06-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67400", "id": "OPENVAS:67400", "title": "Debian Security Advisory DSA 2038-2 (pidgin)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2038_2.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2038-2 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The packages for Pidgin released as DSA 2038-1 had a regression, as they\nunintentionally disabled the Zephyr instant messaging protocol. This\nupdate restores Zephyr functionality. For reference the original\nadvisory text below.\n\nSeveral remote vulnerabilities have been discovered in Pidgin, a multi\nprotocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-0420\n\nCrafted nicknames in the XMPP protocol can crash Pidgin remotely.\n\nCVE-2010-0423\n\nRemote contacts may send too many custom smilies, crashing Pidgin.\n\nSince a few months, Microsoft's servers for MSN have changed the protocol,\nmaking Pidgin non-functional for use with MSN. It is not feasible to port\nthese changes to the version of Pidgin in Debian Lenny. This update\nformalises that situation by disabling the protocol in the client. Users\nof the MSN protocol are advised to use the version of Pidgin in the\nrepositories of www.backports.org.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny7.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6.6-1.\n\nWe recommend that you upgrade your pidgin package.\";\ntag_summary = \"The remote host is missing an update to pidgin\nannounced via advisory DSA 2038-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202038-2\";\n\n\nif(description)\n{\n script_id(67400);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-03 22:55:24 +0200 (Thu, 03 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2010-0420\", \"CVE-2010-0423\");\n script_name(\"Debian Security Advisory DSA 2038-2 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:04:40", "bulletinFamily": "scanner", "description": "The remote host is missing an update to pidgin\nannounced via advisory DSA 2038-2.", "modified": "2018-01-17T00:00:00", "published": "2010-06-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067400", "id": "OPENVAS:136141256231067400", "type": "openvas", "title": "Debian Security Advisory DSA 2038-2 (pidgin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2038_2.nasl 8440 2018-01-17 07:58:46Z teissa $\n# Description: Auto-generated from advisory DSA 2038-2 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The packages for Pidgin released as DSA 2038-1 had a regression, as they\nunintentionally disabled the Zephyr instant messaging protocol. This\nupdate restores Zephyr functionality. For reference the original\nadvisory text below.\n\nSeveral remote vulnerabilities have been discovered in Pidgin, a multi\nprotocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-0420\n\nCrafted nicknames in the XMPP protocol can crash Pidgin remotely.\n\nCVE-2010-0423\n\nRemote contacts may send too many custom smilies, crashing Pidgin.\n\nSince a few months, Microsoft's servers for MSN have changed the protocol,\nmaking Pidgin non-functional for use with MSN. It is not feasible to port\nthese changes to the version of Pidgin in Debian Lenny. This update\nformalises that situation by disabling the protocol in the client. Users\nof the MSN protocol are advised to use the version of Pidgin in the\nrepositories of www.backports.org.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny7.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6.6-1.\n\nWe recommend that you upgrade your pidgin package.\";\ntag_summary = \"The remote host is missing an update to pidgin\nannounced via advisory DSA 2038-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202038-2\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67400\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-03 22:55:24 +0200 (Thu, 03 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2010-0420\", \"CVE-2010-0423\");\n script_name(\"Debian Security Advisory DSA 2038-2 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.4.3-4lenny7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:42", "bulletinFamily": "scanner", "description": "The remote host is missing an update to pidgin\nannounced via advisory DSA 2038-3.", "modified": "2017-07-07T00:00:00", "published": "2011-01-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=68661", "id": "OPENVAS:68661", "title": "Debian Security Advisory DSA 2038-3 (pidgin)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2038_3.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2038-3 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The packages for Pidgin released as DSA 2038-2 had a regression, as they\nunintentionally disabled the Silc, Simple, and Yahoo instant messaging\nprotocols. This update restore that functionality. For reference the\noriginal advisory text below.\n\nSeveral remote vulnerabilities have been discovered in Pidgin, a multi\nprotocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-0420\n\nCrafted nicknames in the XMPP protocol can crash Pidgin remotely.\n\nCVE-2010-0423\n\nRemote contacts may send too many custom smilies, crashing Pidgin.\n\nSince a few months, Microsoft's servers for MSN have changed the protocol,\nmaking Pidgin non-functional for use with MSN. It is not feasible to port\nthese changes to the version of Pidgin in Debian Lenny. This update\nformalises that situation by disabling the protocol in the client. Users\nof the MSN protocol are advised to use the version of Pidgin in the\nrepositories of www.backports.org.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny8.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6.6-1.\n\nWe recommend that you upgrade your pidgin package.\";\ntag_summary = \"The remote host is missing an update to pidgin\nannounced via advisory DSA 2038-3.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202038-3\";\n\n\nif(description)\n{\n script_id(68661);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 17:55:59 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2010-0420\", \"CVE-2010-0423\");\n script_name(\"Debian Security Advisory DSA 2038-3 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.4.3-4lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.4.3-4lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.4.3-4lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.4.3-4lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.4.3-4lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.4.3-4lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.4.3-4lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.4.3-4lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.4.3-4lenny8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:03", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2010-069-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67044", "id": "OPENVAS:67044", "title": "Slackware Advisory SSA:2010-069-01 pidgin ", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2010_069_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix denial of service issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2010-069-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-069-01\";\n \nif(description)\n{\n script_id(67044);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2010-069-01 pidgin \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.6.6-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.6.6-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.6.6-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.6.6-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:11:02", "bulletinFamily": "scanner", "description": "Check for the Version of finch", "modified": "2017-12-11T00:00:00", "published": "2010-02-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880370", "id": "OPENVAS:880370", "title": "CentOS Update for finch CESA-2010:0115 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2010:0115 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n An input sanitization flaw was found in the way Pidgin's MSN protocol\n implementation handled MSNSLP invitations. A remote attacker could send a\n specially-crafted INVITE request that would cause a denial of service\n (memory corruption and Pidgin crash). (CVE-2010-0277)\n \n A denial of service flaw was found in Finch's XMPP chat implementation,\n when using multi-user chat. If a Finch user in a multi-user chat session\n were to change their nickname to contain the HTML "br" element, it would\n cause Finch to crash. (CVE-2010-0420)\n \n Red Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project\n for responsibly reporting the CVE-2010-0420 issue.\n \n A denial of service flaw was found in the way Pidgin processed emoticon\n images. A remote attacker could flood the victim with emoticon images\n during mutual communication, leading to excessive CPU use. (CVE-2010-0423)\n \n These packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin release\n notes for a full list of changes: <a rel= &qt nofollow &qt href= &qt http://developer.pidgin.im/wiki/ChangeLog &qt >http://developer.pidgin.im/wiki/ChangeLog</a>\n \n All Pidgin users are advised to upgrade to these updated packages, which\n correct these issues. Pidgin must be restarted for this update to take\n effect.\";\n\ntag_affected = \"finch on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-February/016511.html\");\n script_id(880370);\n script_version(\"$Revision: 8068 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-11 07:31:34 +0100 (Mon, 11 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-22 13:38:33 +0100 (Mon, 22 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0115\");\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_name(\"CentOS Update for finch CESA-2010:0115 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of finch\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~1.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~1.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~1.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~1.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~1.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~1.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~1.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~1.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~1.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:22", "bulletinFamily": "scanner", "description": "Check for the Version of finch", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880665", "id": "OPENVAS:880665", "title": "CentOS Update for finch CESA-2010:0115 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2010:0115 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n An input sanitization flaw was found in the way Pidgin's MSN protocol\n implementation handled MSNSLP invitations. A remote attacker could send a\n specially-crafted INVITE request that would cause a denial of service\n (memory corruption and Pidgin crash). (CVE-2010-0277)\n \n A denial of service flaw was found in Finch's XMPP chat implementation,\n when using multi-user chat. If a Finch user in a multi-user chat session\n were to change their nickname to contain the HTML "br" element, it would\n cause Finch to crash. (CVE-2010-0420)\n \n Red Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project\n for responsibly reporting the CVE-2010-0420 issue.\n \n A denial of service flaw was found in the way Pidgin processed emoticon\n images. A remote attacker could flood the victim with emoticon images\n during mutual communication, leading to excessive CPU use. (CVE-2010-0423)\n \n These packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin release\n notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n \n All Pidgin users are advised to upgrade to these updated packages, which\n correct these issues. Pidgin must be restarted for this update to take\n effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"finch on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-February/016524.html\");\n script_id(880665);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0115\");\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_name(\"CentOS Update for finch CESA-2010:0115 centos5 i386\");\n\n script_summary(\"Check for the Version of finch\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:35", "bulletinFamily": "scanner", "description": "Check for the Version of pidgin", "modified": "2018-01-01T00:00:00", "published": "2010-02-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830882", "id": "OPENVAS:1361412562310830882", "title": "Mandriva Update for pidgin MDVSA-2010:041 (pidgin)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for pidgin MDVSA-2010:041 (pidgin)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple security vulnerabilities has been identified and fixed\n in pidgin:\n\n Certain malformed SLP messages can trigger a crash because the MSN\n protocol plugin fails to check that all pieces of the message are\n set correctly (CVE-2010-0277).\n \n In a user in a multi-user chat room has a nickname containing '<br>'\n then libpurple ends up having two users with username ' ' in the room,\n and Finch crashes in this situation. We do not believe there is a\n possibility of remote code execution (CVE-2010-0420).\n \n oCERT notified us about a problem in Pidgin, where a large amount of\n processing time will be used when inserting many smileys into an IM\n or chat window. This should not cause a crash, but Pidgin can become\n unusable slow (CVE-2010-0423).\n \n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers.\n \n This update provides pidgin 2.6.6, which is not vulnerable to these\n issues.\";\n\ntag_affected = \"pidgin on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-02/msg00037.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830882\");\n script_version(\"$Revision: 8266 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 08:28:32 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-19 13:38:15 +0100 (Fri, 19 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:041\");\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_name(\"Mandriva Update for pidgin MDVSA-2010:041 (pidgin)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-mono\", rpm:\"pidgin-mono~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.6.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-mono\", rpm:\"pidgin-mono~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.6.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-mono\", rpm:\"pidgin-mono~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.6.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-mono\", rpm:\"pidgin-mono~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.6.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:48", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2038-2 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nMay 17, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : pidgin\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-0420 CVE-2010-0423\nDebian Bug : 566775 579601\n\nThe packages for Pidgin released as DSA 2038-1 had a regression, as they\nunintentionally disabled the Zephyr instant messaging protocol. This\nupdate restores Zephyr functionality. For reference the original\nadvisory text below.\n\nSeveral remote vulnerabilities have been discovered in Pidgin, a multi\nprotocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-0420\n\n Crafted nicknames in the XMPP protocol can crash Pidgin remotely.\n\nCVE-2010-0423\n\n Remote contacts may send too many custom smilies, crashing Pidgin.\n\nSince a few months, Microsoft's servers for MSN have changed the protocol,\nmaking Pidgin non-functional for use with MSN. It is not feasible to port\nthese changes to the version of Pidgin in Debian Lenny. This update\nformalises that situation by disabling the protocol in the client. Users\nof the MSN protocol are advised to use the version of Pidgin in the\nrepositories of www.backports.org.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny7.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6.6-1.\n\nWe recommend that you upgrade your pidgin package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz\n Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7.diff.gz\n Size/MD5 checksum: 72195 fe0a9dd9d55d642dc77c4f7c678522c8\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7.dsc\n Size/MD5 checksum: 1784 300f72738867fcd326db7f836ac47d67\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny7_all.deb\n Size/MD5 checksum: 7019174 3d1e4508e5543441a5d04a31f03b0979\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny7_all.deb\n Size/MD5 checksum: 193842 b2c75fc6891adad16add69903ce9762d\n http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny7_all.deb\n Size/MD5 checksum: 159766 5bb66c4efe6c67eeb33297738799a831\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny7_all.deb\n Size/MD5 checksum: 133930 c25806d1d9a07c49c5a3b2fd0b83964c\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny7_all.deb\n Size/MD5 checksum: 277224 c169cf3a82bb6a0faf1d285a7377b695\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_alpha.deb\n Size/MD5 checksum: 1501864 9aa23188e1610834d035e88fd30308b8\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_alpha.deb\n Size/MD5 checksum: 369772 a8eb912226cf47f5f74892f0b1110cc4\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_alpha.deb\n Size/MD5 checksum: 776646 bf0f80658559ab3e4c22356dd47d809d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_alpha.deb\n Size/MD5 checksum: 4989752 30e054746fff6d56a9e3b288039ff6c9\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_amd64.deb\n Size/MD5 checksum: 727950 57554918978a95ea250a8494c9aab433\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_amd64.deb\n Size/MD5 checksum: 1429960 2779007da91fe74a1304f3263cd7d53e\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_amd64.deb\n Size/MD5 checksum: 348100 d01043df40ed1861c63043b44289984d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_amd64.deb\n Size/MD5 checksum: 5101892 af2ea1456eb390f3930e6164108a9c7f\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_arm.deb\n Size/MD5 checksum: 316624 290e5d8fa14bcc09dde3ce6d326d84bd\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_arm.deb\n Size/MD5 checksum: 657416 1997d30109a1c86c6c8979ff2e0511ee\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_arm.deb\n Size/MD5 checksum: 4835872 9f2aaef6679c3b2e27a73240799a7ffa\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_arm.deb\n Size/MD5 checksum: 1239516 640fd3ff6c91ac45820581df86965af8\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_armel.deb\n Size/MD5 checksum: 668000 b0bc286a8e2d74a033ac69b5ed234e6e\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_armel.deb\n Size/MD5 checksum: 1243880 88c529b8e9178969c3a3a13e1a8e3230\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_armel.deb\n Size/MD5 checksum: 319962 72d956d2c3b6b04dc0aed07e6d99e944\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_armel.deb\n Size/MD5 checksum: 4851712 6134571c92b5495489555c01fc4a6d51\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_hppa.deb\n Size/MD5 checksum: 1522820 023def8c7a3051e1d15030347c99e99d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_hppa.deb\n Size/MD5 checksum: 752858 43129b10ef60136293b349614a662972\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_hppa.deb\n Size/MD5 checksum: 4943738 9cc7aee5d06445b07cceb81efa3ba30d\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_hppa.deb\n Size/MD5 checksum: 360748 353f5caf6903c89a3bdd482dd6a520e6\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_i386.deb\n Size/MD5 checksum: 681390 82c10195fb937a47a113940fa93dbdb5\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_i386.deb\n Size/MD5 checksum: 4837960 416ddcf7b18e7b2a474fa56731a93f7b\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_i386.deb\n Size/MD5 checksum: 326994 06bb2fefdc9ea9dce38a5481f33dcdf5\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_i386.deb\n Size/MD5 checksum: 1317496 9218b0b46b8716781d80133e77194170\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_ia64.deb\n Size/MD5 checksum: 1821990 87c03b5c08d97b8c8ae2a573ecd3cecb\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_ia64.deb\n Size/MD5 checksum: 435010 22dee93a1714c2654ec0dfaa8705cfe2\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_ia64.deb\n Size/MD5 checksum: 4706272 6e0b0c3291dceb229522e1de229e3361\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_ia64.deb\n Size/MD5 checksum: 948766 ddf4cff0ac25735e5d18edcbeb970bf4\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_mips.deb\n Size/MD5 checksum: 1117676 eb4a88cc934233faafebdcebc1171bc3\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_mips.deb\n Size/MD5 checksum: 319576 4ad4d7a878a0d5daaff189da549c4638\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_mips.deb\n Size/MD5 checksum: 5087780 9ebfc36f1749b61ab7a4fe70d0770f88\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_mips.deb\n Size/MD5 checksum: 654936 d63bd6a67138596ef85b7a3259fceee7\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_mipsel.deb\n Size/MD5 checksum: 4999390 ad6121a42731cb360d76b6fe67180924\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_mipsel.deb\n Size/MD5 checksum: 318598 8b0b8f40209b828098f6ed000c517f65\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_mipsel.deb\n Size/MD5 checksum: 1108760 4e9f79966b7fa0df677a1a5952488e62\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_mipsel.deb\n Size/MD5 checksum: 651474 7b24d4210caaf4d27b9b3863393bffd6\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_powerpc.deb\n Size/MD5 checksum: 1470622 c51b3531cc31005e58feac25f8606bd3\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_powerpc.deb\n Size/MD5 checksum: 5052846 986c8a8ac0ccd3399393bceda957656f\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_powerpc.deb\n Size/MD5 checksum: 362770 f00c1a33b3598333dfc4ae9d61bf1d83\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_powerpc.deb\n Size/MD5 checksum: 755104 ae81b0387a32b162fb30ac425dc4ad43\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_s390.deb\n Size/MD5 checksum: 5014182 c093e4c7e6e3b6132a8145a35e88c3fb\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_s390.deb\n Size/MD5 checksum: 359260 919eb5ad29cb280d84ef36b2c45273b9\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_s390.deb\n Size/MD5 checksum: 1351418 a94314c09692e3a9350b8bd1684843bc\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_s390.deb\n Size/MD5 checksum: 718026 52121ab6cf237545c29f10826b98894b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_sparc.deb\n Size/MD5 checksum: 4639296 f38822c989d40d124d82abc53ae42d38\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_sparc.deb\n Size/MD5 checksum: 328662 f5fe4eb9c81b2aa8d335b983288902dd\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_sparc.deb\n Size/MD5 checksum: 683246 d37d198e8bb1d5c3f98521dcc0a43c24\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_sparc.deb\n Size/MD5 checksum: 1323820 54026420c5be2e153e7a8ffbcb70b5cd\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-05-17T20:38:16", "published": "2010-05-17T20:38:16", "id": "DEBIAN:DSA-2038-2:EA613", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00089.html", "title": "[SECURITY] [DSA 2038-2] New pidgin packages fix regression", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:22:43", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2038-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nApril 18, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : pidgin\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-0420 CVE-2010-0423\nDebian Bug : 566775\n\nSeveral remote vulnerabilities have been discovered in Pidgin, a multi\nprotocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-0420\n\n\tCrafted nicknames in the XMPP protocol can crash Pidgin remotely.\n\nCVE-2010-0423\n\n\tRemote contacts may send too many custom smilies, crashing Pidgin.\n\nSince a few months, Microsoft's servers for MSN have changed the protocol,\nmaking Pidgin non-functional for use with MSN. It is not feasible to port\nthese changes to the version of Pidgin in Debian Lenny. This update\nformalises that situation by disabling the protocol in the client. Users\nof the MSN protocol are advised to use the version of Pidgin in the\nrepositories of www.backports.org.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny6.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6.6-1.\n\nWe recommend that you upgrade your pidgin package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz\n Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6.dsc\n Size/MD5 checksum: 1784 f640f8119ef901c7be009232c6dfee05\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6.diff.gz\n Size/MD5 checksum: 72144 85217de41bcd069748eb441886cdfab9\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny6_all.deb\n Size/MD5 checksum: 7019074 1c79c0da4c115e2699d577b957c4e541\n http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny6_all.deb\n Size/MD5 checksum: 159726 c657bace836fb1d4f3c04c57bdcd7e19\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny6_all.deb\n Size/MD5 checksum: 133894 49e2b54dcad5a2b40705478118da2d72\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny6_all.deb\n Size/MD5 checksum: 277220 9517eadf780382575efcd57ba9dc308b\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny6_all.deb\n Size/MD5 checksum: 193802 b05666d23964d0d28646dc49a85de940\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_alpha.deb\n Size/MD5 checksum: 1477324 c6c9e6753f98159748b9e0116bb40df3\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_alpha.deb\n Size/MD5 checksum: 776550 1334935aee6756fdc1b6e1702cabe0b3\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_alpha.deb\n Size/MD5 checksum: 369734 f54c236b4aa7e94d33da983f042bd82b\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_alpha.deb\n Size/MD5 checksum: 4952616 ac34a66c4b19a7dd23b1fa0240c07f97\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_amd64.deb\n Size/MD5 checksum: 727918 e6447c0efc4f5c490bc806f00840b075\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_amd64.deb\n Size/MD5 checksum: 1406192 68711767e43c6a0722b8b4d5ed59843a\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_amd64.deb\n Size/MD5 checksum: 5067988 c430e8ff4e8b13830c71da4f6948a4f6\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_amd64.deb\n Size/MD5 checksum: 348062 042092eae5df409b1b39ae96a6a5b856\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_arm.deb\n Size/MD5 checksum: 1217972 2b2879660723d31097c9a535e14c177d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_arm.deb\n Size/MD5 checksum: 657362 27313370246e22f31b6439981062dda7\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_arm.deb\n Size/MD5 checksum: 316578 36a170a849ca166bcfe9b457f85b9cdb\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_arm.deb\n Size/MD5 checksum: 4799502 e4689175bb1d17cb942ed50c7d091315\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_armel.deb\n Size/MD5 checksum: 668088 714b556255126c810659f203ffb93db1\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_armel.deb\n Size/MD5 checksum: 1221012 bbcb58abd9f04c1ba2df16bfce74e29c\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_armel.deb\n Size/MD5 checksum: 319790 b7c9ae4c8cfe107744523c44926375a4\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_armel.deb\n Size/MD5 checksum: 4821838 ca27cf7101ca23de2ab36cd0c21360d0\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_hppa.deb\n Size/MD5 checksum: 1495046 d445e1cb5e3500fc9970b1099ba14227\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_hppa.deb\n Size/MD5 checksum: 754250 64d22a1f7c7b9c920360f325749ab0fe\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_hppa.deb\n Size/MD5 checksum: 361568 d77edf95828aec4d0347f548e0b0a108\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_hppa.deb\n Size/MD5 checksum: 4906668 1208501055cffef75023543a72c956ce\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_i386.deb\n Size/MD5 checksum: 4809696 f6df7ed8178ad450886c4d19284e1c04\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_i386.deb\n Size/MD5 checksum: 326412 fb3dff6c0627b67e9710630906c770a9\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_i386.deb\n Size/MD5 checksum: 1290792 b0eaca04079ad13798d350ec18ad41b5\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_i386.deb\n Size/MD5 checksum: 679712 d946170d5d259c120f909285c48294fb\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_ia64.deb\n Size/MD5 checksum: 4669414 5273183a49a9b6e334963816871d6ce0\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_ia64.deb\n Size/MD5 checksum: 434978 e4750a60b59c31a868dd0ebda33c96f2\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_ia64.deb\n Size/MD5 checksum: 948754 2b9ce7e253458ce9f7511ba26ece0b90\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_ia64.deb\n Size/MD5 checksum: 1789606 a2e654bacaaaef9fece43aaa2e33b420\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_mips.deb\n Size/MD5 checksum: 654450 edbc24d8f35a894a3d301a751d2d8977\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_mips.deb\n Size/MD5 checksum: 1096044 d88283ec19ea5d867e7d28325744d8fb\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_mips.deb\n Size/MD5 checksum: 318672 ed52e8ecafb8e410eab3194914b4014d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_mips.deb\n Size/MD5 checksum: 5054324 9ddbd413029130c610512f25aa230553\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_mipsel.deb\n Size/MD5 checksum: 651410 89e26238fc91f1f75376d29a009cd751\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_mipsel.deb\n Size/MD5 checksum: 318572 4992c5f4f4bce500db6b3792295ad0c2\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_mipsel.deb\n Size/MD5 checksum: 4963322 2d397b0c64352a1a1e94534c0d0cf4de\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_mipsel.deb\n Size/MD5 checksum: 1086788 afb54d1620a692cb6273dbb9e3a67908\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_powerpc.deb\n Size/MD5 checksum: 5014910 acaaacb4532ae1176e628b23aaae74fe\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_powerpc.deb\n Size/MD5 checksum: 362722 2824883e0fb35a6b758d89188d0be39d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_powerpc.deb\n Size/MD5 checksum: 755056 890358f5bc3215a5ab59609d8bd0c1d1\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_powerpc.deb\n Size/MD5 checksum: 1445264 d5961438dc2a8c4798e815009792fab5\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_s390.deb\n Size/MD5 checksum: 1326506 9a6b8060e2710587d17477c4b976922a\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_s390.deb\n Size/MD5 checksum: 717976 970f51fbc28082cc53af9ddc1bb183c1\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_s390.deb\n Size/MD5 checksum: 359214 3eca65b1913b2db015f7d5c75157e5c6\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_s390.deb\n Size/MD5 checksum: 4977082 e7bfcd7d662c5c41d860baabddac9c37\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_sparc.deb\n Size/MD5 checksum: 1302702 f550e43bfd0aa9bf89d6768eb2bf3966\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_sparc.deb\n Size/MD5 checksum: 329408 54fdcf6f005a936007201e8ef5a49e4c\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_sparc.deb\n Size/MD5 checksum: 4611594 b6124b51dd98dba2e1194295fc46002e\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_sparc.deb\n Size/MD5 checksum: 683284 f744d4b6e674fff37a0e00c1656db64e\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-04-18T15:47:35", "published": "2010-04-18T15:47:35", "id": "DEBIAN:DSA-2038-1:A8845", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00078.html", "title": "[SECURITY] [DSA 2038-1] New pidgin packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:22:01", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2038-3 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nNovember 13, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : pidgin\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-0420 CVE-2010-0423\nDebian Bug : 566775 579601\n\nThe packages for Pidgin released as DSA 2038-2 had a regression, as they\nunintentionally disabled the Silc, Simple, and Yahoo instant messaging\nprotocols. This update restore that functionality. For reference the\noriginal advisory text below.\n\nSeveral remote vulnerabilities have been discovered in Pidgin, a multi\nprotocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-0420\n\n Crafted nicknames in the XMPP protocol can crash Pidgin remotely.\n\nCVE-2010-0423\n\n Remote contacts may send too many custom smilies, crashing Pidgin.\n\nSince a few months, Microsoft's servers for MSN have changed the protocol,\nmaking Pidgin non-functional for use with MSN. It is not feasible to port\nthese changes to the version of Pidgin in Debian Lenny. This update\nformalises that situation by disabling the protocol in the client. Users\nof the MSN protocol are advised to use the version of Pidgin in the\nrepositories of www.backports.org.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny8.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6.6-1.\n\nWe recommend that you upgrade your pidgin package.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz\n Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8.diff.gz\n Size/MD5 checksum: 72269 0119701838d8ad1cdeac7ce4c91bae65\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8.dsc\n Size/MD5 checksum: 1769 ad33ad23693b546e86e0912e88a4ea12\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny8_all.deb\n Size/MD5 checksum: 278150 84022a327404419ae540f3f3bc427e3b\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny8_all.deb\n Size/MD5 checksum: 133688 16372c01693c7744ff48f411aaaac5a2\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny8_all.deb\n Size/MD5 checksum: 7014900 c2c210652333d77e3573be4a8a699c9b\n http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny8_all.deb\n Size/MD5 checksum: 159954 51bde77053b4ea6e14b1442bf1a1607d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny8_all.deb\n Size/MD5 checksum: 194580 a7dde485b3f5d3e4893ceb2a22ee47aa\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_alpha.deb\n Size/MD5 checksum: 5315572 1cf0367c5e3881549bac1a4fe45aa5eb\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_alpha.deb\n Size/MD5 checksum: 371260 ba6898cf2c154319bffcc9cd6d4cd4a7\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_alpha.deb\n Size/MD5 checksum: 777478 228be5cdb1f26820e5f5348096f3c3ee\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_alpha.deb\n Size/MD5 checksum: 1719898 c04983751b915ceeef5a2d884edddcfd\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_amd64.deb\n Size/MD5 checksum: 1633712 927a05948c7ea50b4ff1515820495093\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_amd64.deb\n Size/MD5 checksum: 347692 4bea6a2d558defbfc9cf1bee25ec4a4d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_amd64.deb\n Size/MD5 checksum: 727282 b148a28348d91d43e78b02798893bb6a\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_amd64.deb\n Size/MD5 checksum: 5428234 ab7cc975d13b3abd8faa2498896d8d44\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_arm.deb\n Size/MD5 checksum: 5118248 e2f34bded56a07650f91e119cd739c7b\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_arm.deb\n Size/MD5 checksum: 315658 18a22ae56dab911aa7c8667db51afbc4\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_arm.deb\n Size/MD5 checksum: 655810 200950fcc1f558d92e50fda7f494ea0b\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_arm.deb\n Size/MD5 checksum: 1422998 1e4c635bdba06539a081b1c6f422b1d2\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_armel.deb\n Size/MD5 checksum: 1430694 4c96fa5a80593ddf0c3e4f998173bdcf\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_armel.deb\n Size/MD5 checksum: 667108 330bd6dcb19da7bb1ce21013f035ae32\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_armel.deb\n Size/MD5 checksum: 5152254 6b61008ee4337db73612d4943ed756e6\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_armel.deb\n Size/MD5 checksum: 319130 56c3e97232ceb5fed1688dff1c6b07f2\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_hppa.deb\n Size/MD5 checksum: 5249334 f9380ac4d099646026092869254f36af\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_hppa.deb\n Size/MD5 checksum: 360850 31898206d949ddd8a0645e756700e5e6\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_hppa.deb\n Size/MD5 checksum: 752928 5668adccc2caf428e04b35adad06753a\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_hppa.deb\n Size/MD5 checksum: 1741168 32a16b666040fd28dad3a50cb2508edd\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_i386.deb\n Size/MD5 checksum: 5142098 46afbb8656ef35617b90e5272ff4fb0f\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_i386.deb\n Size/MD5 checksum: 326492 8ffe29c959a8494c2421a0aa2f4f4d32\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_i386.deb\n Size/MD5 checksum: 679860 9588d20c33677a0acfffce3a98c97280\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_i386.deb\n Size/MD5 checksum: 1506712 e324dae1d982241abb5537b719a4831a\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_ia64.deb\n Size/MD5 checksum: 5000868 ae42b44a76ecb3558c5a2e5db5f19e2a\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_ia64.deb\n Size/MD5 checksum: 2087484 b7bc9718fd1ef427eb763a34c34b900b\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_ia64.deb\n Size/MD5 checksum: 435108 aa579727d0272a8fb8968bfa6e4062a7\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_ia64.deb\n Size/MD5 checksum: 948900 9f829afda7629eeca4f38bb043f20676\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_mips.deb\n Size/MD5 checksum: 1304070 c57c7afa0b340b070bc2f54f340549a3\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_mips.deb\n Size/MD5 checksum: 320686 c3a2186b1f6037b7fd66bdef4e47e26b\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_mips.deb\n Size/MD5 checksum: 656496 8b848d690917eab703a60698a3be2e1f\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_mips.deb\n Size/MD5 checksum: 5409338 e7fbcb9776703eb244a79fcb363adbbd\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_mipsel.deb\n Size/MD5 checksum: 1291760 7fb32d3297f440c73e964081860e460e\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_mipsel.deb\n Size/MD5 checksum: 318700 e5baa0a06a8900638e3088b9879b1923\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_mipsel.deb\n Size/MD5 checksum: 5306128 762422060524ce5019abe682005dd273\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_mipsel.deb\n Size/MD5 checksum: 651552 892ac43fc97903793d60239843524bc7\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_powerpc.deb\n Size/MD5 checksum: 1682748 37529f1ef367a5e984aa027c5f270d8b\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_powerpc.deb\n Size/MD5 checksum: 757670 9a9aef7b7215ba897e731e0dc1c2e645\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_powerpc.deb\n Size/MD5 checksum: 362828 f2482932f44d26f9878d1943e24fbb6a\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_powerpc.deb\n Size/MD5 checksum: 5360552 12cef47bcab4db9af3071cb31ce1c4f9\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_s390.deb\n Size/MD5 checksum: 5331892 1de914be4947ec1f1d4e9f029f350480\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_s390.deb\n Size/MD5 checksum: 360378 e9bb6c133cb59909e1418fae60245352\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_s390.deb\n Size/MD5 checksum: 719338 795beea30a9d2d289ebbd9e2ffc0f286\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_s390.deb\n Size/MD5 checksum: 1562530 186ca2624c320ef40cfcf309bd6bcf32\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_sparc.deb\n Size/MD5 checksum: 683482 7e54e2b074c6d6ad4a1fb28a070009f2\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_sparc.deb\n Size/MD5 checksum: 4921794 c712395d28b865aab3ede218504c7ae4\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_sparc.deb\n Size/MD5 checksum: 329552 591579e595077a26fc6616302723bfe7\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_sparc.deb\n Size/MD5 checksum: 1513948 68603d70bc41cb6f300a85ad9b0454df\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-11-13T19:37:43", "published": "2010-11-13T19:37:43", "id": "DEBIAN:DSA-2038-3:0AAAE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00175.html", "title": "[SECURITY] [DSA 2038-3] New pidgin packages fix regression", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:22:27", "bulletinFamily": "unix", "description": "Jan Wagner uploaded a new package for pidgin which fixed the following\nsecurity problem:\n\nCVE-2010-0277[2] and Debian Bug #566775[3]\n\n It was discovered that that slp.c in the MSN protocol plugin in libpurple in \n Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to cause a denial of \n service (memory corruption) or possibly have unspecified other impact via \n unknown vectors, a different issue than CVE-2010-0013.\n\nCVE-2010-0420[4]\n\n Fixes a remote Finch XMPP crash.\n\nCVE-2010-0423[5]\n\n Fixes a remote smiley freeze/CPU pegging DoS.\n\nFor the sid distribution the problem has been fixed in\nversion 2.6.6-1.\n\nUpgrade instructions\n---------------------\n\nIf you don't use pinning (see [1]) you have to update pidgin\nmanually via "apt-get -t lenny-backports install pidgin".\n\nWe recommend to pin the backports repository to 200 so that new versions\nof installed backports will be installed automatically:\n\nPackage: *\nPin: release a=lenny-backports\nPin-Priority: 200\n\n[1] <http://backports.org/dokuwiki/doku.php?id=instructions>\n[2] http://security-tracker.debian.org/tracker/CVE-2010-0277\n[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566775\n[4] http://security-tracker.debian.org/tracker/CVE-2010-0420\n[5] http://security-tracker.debian.org/tracker/CVE-2010-0423\n", "modified": "2010-02-18T22:27:39", "published": "2010-02-18T22:27:39", "id": "DEBIAN:9869F46A42CB60CD086621054B28E8AA:B48BC", "href": "https://lists.debian.org/debian-backports-announce/2010/debian-backports-announce-201002/msg00005.html", "title": "[Backports-security-announce] Security Update for pidgin", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2019-02-21T01:13:17", "bulletinFamily": "scanner", "description": "Several remote vulnerabilities have been discovered in Pidgin, a multi protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2010-0420 Crafted nicknames in the XMPP protocol can crash Pidgin remotely.\n\n - CVE-2010-0423 Remote contacts may send too many custom smilies, crashing Pidgin.\n\nSince a few months, Microsoft's servers for MSN have changed the protocol, making Pidgin non-functional for use with MSN. It is not feasible to port these changes to the version of Pidgin in Debian Lenny. This update formalises that situation by disabling the protocol in the client. Users of the MSN protocol are advised to use the version of Pidgin in the repositories of www.backports.org.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2038.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45560", "published": "2010-04-19T00:00:00", "title": "Debian DSA-2038-1 : pidgin - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2038. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45560);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2010-0420\", \"CVE-2010-0423\");\n script_bugtraq_id(38294);\n script_xref(name:\"DSA\", value:\"2038\");\n\n script_name(english:\"Debian DSA-2038-1 : pidgin - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in Pidgin, a multi\nprotocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2010-0420\n Crafted nicknames in the XMPP protocol can crash Pidgin\n remotely.\n\n - CVE-2010-0423\n Remote contacts may send too many custom smilies,\n crashing Pidgin.\n\nSince a few months, Microsoft's servers for MSN have changed the\nprotocol, making Pidgin non-functional for use with MSN. It is not\nfeasible to port these changes to the version of Pidgin in Debian\nLenny. This update formalises that situation by disabling the protocol\nin the client. Users of the MSN protocol are advised to use the\nversion of Pidgin in the repositories of www.backports.org.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2038\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the pidgin package.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"finch\", reference:\"2.4.3-4lenny6\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"finch-dev\", reference:\"2.4.3-4lenny6\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpurple-bin\", reference:\"2.4.3-4lenny6\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpurple-dev\", reference:\"2.4.3-4lenny6\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpurple0\", reference:\"2.4.3-4lenny6\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pidgin\", reference:\"2.4.3-4lenny6\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pidgin-data\", reference:\"2.4.3-4lenny6\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pidgin-dbg\", reference:\"2.4.3-4lenny6\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pidgin-dev\", reference:\"2.4.3-4lenny6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:03", "bulletinFamily": "scanner", "description": "Multiple security vulnerabilities has been identified and fixed in pidgin :\n\nCertain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly (CVE-2010-0277).\n\nIn a user in a multi-user chat room has a nickname containing '<br>' then libpurple ends up having two users with username ' ' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution (CVE-2010-0420).\n\noCERT notified us about a problem in Pidgin, where a large amount of processing time will be used when inserting many smileys into an IM or chat window. This should not cause a crash, but Pidgin can become unusable slow (CVE-2010-0423).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers.\n\nThis update provides pidgin 2.6.6, which is not vulnerable to these issues.", "modified": "2019-01-02T00:00:00", "id": "MANDRIVA_MDVSA-2010-041.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44664", "published": "2010-02-19T00:00:00", "title": "Mandriva Linux Security Advisory : pidgin (MDVSA-2010:041)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:041. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44664);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/01/02 16:37:54\");\n\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_bugtraq_id(38294);\n script_xref(name:\"MDVSA\", value:\"2010:041\");\n\n script_name(english:\"Mandriva Linux Security Advisory : pidgin (MDVSA-2010:041)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities has been identified and fixed in\npidgin :\n\nCertain malformed SLP messages can trigger a crash because the MSN\nprotocol plugin fails to check that all pieces of the message are set\ncorrectly (CVE-2010-0277).\n\nIn a user in a multi-user chat room has a nickname containing '<br>'\nthen libpurple ends up having two users with username ' ' in the room,\nand Finch crashes in this situation. We do not believe there is a\npossibility of remote code execution (CVE-2010-0420).\n\noCERT notified us about a problem in Pidgin, where a large amount of\nprocessing time will be used when inserting many smileys into an IM or\nchat window. This should not cause a crash, but Pidgin can become\nunusable slow (CVE-2010-0423).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers.\n\nThis update provides pidgin 2.6.6, which is not vulnerable to these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://pidgin.im/news/security/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64finch0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64purple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64purple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfinch0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpurple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-bonjour\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-gevolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-meanwhile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-silc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"finch-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64finch0-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64purple-devel-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64purple0-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfinch0-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpurple0-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-bonjour-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-client-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-gevolution-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-i18n-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-meanwhile-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-mono-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-perl-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-plugins-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-silc-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-tcl-2.6.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"finch-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64finch0-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64purple-devel-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64purple0-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libfinch0-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libpurple0-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-bonjour-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-client-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-gevolution-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-i18n-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-meanwhile-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-mono-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-perl-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-plugins-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-silc-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-tcl-2.6.6-0.1mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"finch-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64finch0-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64purple-devel-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64purple0-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfinch0-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpurple0-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-bonjour-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-client-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-gevolution-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-i18n-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-meanwhile-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-mono-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-perl-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-plugins-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-silc-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-tcl-2.6.6-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:03", "bulletinFamily": "scanner", "description": "Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way Pidgin's MSN protocol implementation handled MSNSLP invitations. A remote attacker could send a specially crafted INVITE request that would cause a denial of service (memory corruption and Pidgin crash). (CVE-2010-0277)\n\nA denial of service flaw was found in Finch's XMPP chat implementation, when using multi-user chat. If a Finch user in a multi-user chat session were to change their nickname to contain the HTML 'br' element, it would cause Finch to crash. (CVE-2010-0420)\n\nRed Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project for responsibly reporting the CVE-2010-0420 issue.\n\nA denial of service flaw was found in the way Pidgin processed emoticon images. A remote attacker could flood the victim with emoticon images during mutual communication, leading to excessive CPU use. (CVE-2010-0423)\n\nThese packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin release notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users are advised to upgrade to these updated packages, which correct these issues. Pidgin must be restarted for this update to take effect.", "modified": "2018-11-28T00:00:00", "id": "REDHAT-RHSA-2010-0115.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44666", "published": "2010-02-19T00:00:00", "title": "RHEL 4 / 5 : pidgin (RHSA-2010:0115)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0115. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44666);\n script_version (\"1.21\");\n script_cvs_date(\"Date: 2018/11/28 11:42:04\");\n\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_bugtraq_id(38294);\n script_xref(name:\"RHSA\", value:\"2010:0115\");\n\n script_name(english:\"RHEL 4 / 5 : pidgin (RHSA-2010:0115)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way Pidgin's MSN protocol\nimplementation handled MSNSLP invitations. A remote attacker could\nsend a specially crafted INVITE request that would cause a denial of\nservice (memory corruption and Pidgin crash). (CVE-2010-0277)\n\nA denial of service flaw was found in Finch's XMPP chat\nimplementation, when using multi-user chat. If a Finch user in a\nmulti-user chat session were to change their nickname to contain the\nHTML 'br' element, it would cause Finch to crash. (CVE-2010-0420)\n\nRed Hat would like to thank Sadrul Habib Chowdhury of the Pidgin\nproject for responsibly reporting the CVE-2010-0420 issue.\n\nA denial of service flaw was found in the way Pidgin processed\nemoticon images. A remote attacker could flood the victim with\nemoticon images during mutual communication, leading to excessive CPU\nuse. (CVE-2010-0423)\n\nThese packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users are advised to upgrade to these updated packages,\nwhich correct these issues. Pidgin must be restarted for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0115\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0115\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"finch-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"finch-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"finch-devel-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"finch-devel-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-devel-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-perl-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-perl-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-tcl-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-devel-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-devel-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-perl-2.6.6-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-perl-2.6.6-1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"finch-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"finch-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"finch-devel-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"finch-devel-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-devel-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-perl-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-perl-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-tcl-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-devel-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-devel-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-perl-2.6.6-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-perl-2.6.6-1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:03", "bulletinFamily": "scanner", "description": "Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way Pidgin's MSN protocol implementation handled MSNSLP invitations. A remote attacker could send a specially crafted INVITE request that would cause a denial of service (memory corruption and Pidgin crash). (CVE-2010-0277)\n\nA denial of service flaw was found in Finch's XMPP chat implementation, when using multi-user chat. If a Finch user in a multi-user chat session were to change their nickname to contain the HTML 'br' element, it would cause Finch to crash. (CVE-2010-0420)\n\nRed Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project for responsibly reporting the CVE-2010-0420 issue.\n\nA denial of service flaw was found in the way Pidgin processed emoticon images. A remote attacker could flood the victim with emoticon images during mutual communication, leading to excessive CPU use. (CVE-2010-0423)\n\nThese packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin release notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users are advised to upgrade to these updated packages, which correct these issues. Pidgin must be restarted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2010-0115.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44671", "published": "2010-02-22T00:00:00", "title": "CentOS 4 / 5 : pidgin (CESA-2010:0115)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0115 and \n# CentOS Errata and Security Advisory 2010:0115 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44671);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_bugtraq_id(38294);\n script_xref(name:\"RHSA\", value:\"2010:0115\");\n\n script_name(english:\"CentOS 4 / 5 : pidgin (CESA-2010:0115)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way Pidgin's MSN protocol\nimplementation handled MSNSLP invitations. A remote attacker could\nsend a specially crafted INVITE request that would cause a denial of\nservice (memory corruption and Pidgin crash). (CVE-2010-0277)\n\nA denial of service flaw was found in Finch's XMPP chat\nimplementation, when using multi-user chat. If a Finch user in a\nmulti-user chat session were to change their nickname to contain the\nHTML 'br' element, it would cause Finch to crash. (CVE-2010-0420)\n\nRed Hat would like to thank Sadrul Habib Chowdhury of the Pidgin\nproject for responsibly reporting the CVE-2010-0420 issue.\n\nA denial of service flaw was found in the way Pidgin processed\nemoticon images. A remote attacker could flood the victim with\nemoticon images during mutual communication, leading to excessive CPU\nuse. (CVE-2010-0423)\n\nThese packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users are advised to upgrade to these updated packages,\nwhich correct these issues. Pidgin must be restarted for this update\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-February/016511.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe9e6235\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-February/016512.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1bc58a86\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-February/016523.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ef0b6bd\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-February/016524.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4d38f68\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"finch-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"finch-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"finch-devel-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"finch-devel-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-devel-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-perl-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-perl-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-tcl-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"pidgin-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"pidgin-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"pidgin-devel-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"pidgin-devel-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"pidgin-perl-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"pidgin-perl-2.6.6-1.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-devel-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-devel-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-perl-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-tcl-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-devel-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-perl-2.6.6-1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:17:13", "bulletinFamily": "scanner", "description": "CVE-2010-0277 pidgin MSN protocol plugin memory corruption\n\nCVE-2010-0420 pidgin: Finch XMPP MUC Crash\n\nCVE-2010-0423 pidgin: Smiley Denial of Service\n\nAn input sanitization flaw was found in the way Pidgin's MSN protocol implementation handled MSNSLP invitations. A remote attacker could send a specially crafted INVITE request that would cause a denial of service (memory corruption and Pidgin crash). (CVE-2010-0277)\n\nA denial of service flaw was found in Finch's XMPP chat implementation, when using multi-user chat. If a Finch user in a multi-user chat session were to change their nickname to contain the HTML 'br' element, it would cause Finch to crash. (CVE-2010-0420)\n\nA denial of service flaw was found in the way Pidgin processed emoticon images. A remote attacker could flood the victim with emoticon images during mutual communication, leading to excessive CPU use. (CVE-2010-0423)\n\nPidgin must be restarted for this update to take effect.", "modified": "2019-01-02T00:00:00", "id": "SL_20100218_PIDGIN_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60738", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60738);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/01/02 10:36:43\");\n\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n\n script_name(english:\"Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2010-0277 pidgin MSN protocol plugin memory corruption\n\nCVE-2010-0420 pidgin: Finch XMPP MUC Crash\n\nCVE-2010-0423 pidgin: Smiley Denial of Service\n\nAn input sanitization flaw was found in the way Pidgin's MSN protocol\nimplementation handled MSNSLP invitations. A remote attacker could\nsend a specially crafted INVITE request that would cause a denial of\nservice (memory corruption and Pidgin crash). (CVE-2010-0277)\n\nA denial of service flaw was found in Finch's XMPP chat\nimplementation, when using multi-user chat. If a Finch user in a\nmulti-user chat session were to change their nickname to contain the\nHTML 'br' element, it would cause Finch to crash. (CVE-2010-0420)\n\nA denial of service flaw was found in the way Pidgin processed\nemoticon images. A remote attacker could flood the victim with\nemoticon images during mutual communication, leading to excessive CPU\nuse. (CVE-2010-0423)\n\nPidgin must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1002&L=scientific-linux-errata&T=0&P=1520\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f15af321\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"finch-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"finch-devel-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-devel-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-perl-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-tcl-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"pidgin-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"pidgin-devel-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"pidgin-perl-2.6.6-1.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"finch-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"finch-devel-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-devel-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-perl-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-tcl-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-devel-2.6.6-1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-perl-2.6.6-1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:18", "bulletinFamily": "scanner", "description": "Three denial of service vulnerabilities where found in pidgin and allow remote attackers to crash the application. The developers summarized these problems as follows :\n\nPidgin can become unresponsive when displaying large numbers of smileys\n\nCertain nicknames in group chat rooms can trigger a crash in Finch\n\nFailure to validate all fields of an incoming message can trigger a crash", "modified": "2018-12-05T00:00:00", "id": "FREEBSD_PKG_A2C4D3D54C7B11DF83FB0015587E2CC1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45585", "published": "2010-04-21T00:00:00", "title": "FreeBSD : pidgin -- multiple remote denial of service vulnerabilities (a2c4d3d5-4c7b-11df-83fb-0015587e2cc1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45585);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_bugtraq_id(38294);\n\n script_name(english:\"FreeBSD : pidgin -- multiple remote denial of service vulnerabilities (a2c4d3d5-4c7b-11df-83fb-0015587e2cc1)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Three denial of service vulnerabilities where found in pidgin and\nallow remote attackers to crash the application. The developers\nsummarized these problems as follows :\n\nPidgin can become unresponsive when displaying large numbers of\nsmileys\n\nCertain nicknames in group chat rooms can trigger a crash in Finch\n\nFailure to validate all fields of an incoming message can trigger a\ncrash\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://pidgin.im/news/security/?id=43\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://pidgin.im/news/security/?id=44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://pidgin.im/news/security/?id=45\"\n );\n # https://vuxml.freebsd.org/freebsd/a2c4d3d5-4c7b-11df-83fb-0015587e2cc1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c885a8c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"pidgin<2.6.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libpurple<2.6.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:09", "bulletinFamily": "scanner", "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix denial of service issues.", "modified": "2019-01-02T00:00:00", "id": "SLACKWARE_SSA_2010-069-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45024", "published": "2010-03-11T00:00:00", "title": "Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : pidgin (SSA:2010-069-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2010-069-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45024);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_bugtraq_id(38294);\n script_xref(name:\"SSA\", value:\"2010-069-01\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : pidgin (SSA:2010-069-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New pidgin packages are available for Slackware 12.0, 12.1, 12.2,\n13.0, and -current to fix denial of service issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.458630\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e7adbdf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"pidgin\", pkgver:\"2.6.6\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"pidgin\", pkgver:\"2.6.6\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"pidgin\", pkgver:\"2.6.6\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"pidgin\", pkgver:\"2.6.6\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"pidgin\", pkgver:\"2.6.6\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"pidgin\", pkgver:\"2.6.6\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"pidgin\", pkgver:\"2.6.6\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:04", "bulletinFamily": "scanner", "description": "Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0277)\n\nSadrul Habib Chowdhury discovered that Pidgin incorrectly handled certain nicknames in Finch group chat rooms. A remote attacker could use a specially crafted nickname and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0420)\n\nAntti Hayrynen discovered that Pidgin incorrectly handled large numbers of smileys. A remote attacker could send a specially crafted message and cause Pidgin to become unresponsive, leading to a denial of service. (CVE-2010-0423).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-23T00:00:00", "id": "UBUNTU_USN-902-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44688", "published": "2010-02-23T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : pidgin vulnerabilities (USN-902-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-902-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44688);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/23 12:49:58\");\n\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_xref(name:\"USN\", value:\"902-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : pidgin vulnerabilities (USN-902-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fabian Yamaguchi discovered that Pidgin incorrectly validated all\nfields of an incoming message in the MSN protocol handler. A remote\nattacker could send a specially crafted message and cause Pidgin to\ncrash, leading to a denial of service. (CVE-2010-0277)\n\nSadrul Habib Chowdhury discovered that Pidgin incorrectly handled\ncertain nicknames in Finch group chat rooms. A remote attacker could\nuse a specially crafted nickname and cause Pidgin to crash, leading to\na denial of service. (CVE-2010-0420)\n\nAntti Hayrynen discovered that Pidgin incorrectly handled large\nnumbers of smileys. A remote attacker could send a specially crafted\nmessage and cause Pidgin to become unresponsive, leading to a denial\nof service. (CVE-2010-0423).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/902-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:finch-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpurple-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpurple-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpurple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"finch\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"finch-dev\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gaim\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpurple-bin\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpurple-dev\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpurple0\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin\", pkgver:\"1:2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin-data\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin-dbg\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin-dev\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"finch\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"finch-dev\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpurple-bin\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpurple-dev\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpurple0\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pidgin\", pkgver:\"1:2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pidgin-data\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pidgin-dbg\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pidgin-dev\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"finch\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"finch-dev\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpurple-bin\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpurple-dev\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpurple0\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pidgin\", pkgver:\"1:2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pidgin-data\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pidgin-dbg\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pidgin-dev\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"finch\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"finch-dev\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpurple-bin\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpurple-dev\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpurple0\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"pidgin\", pkgver:\"1:2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"pidgin-data\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"pidgin-dbg\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"pidgin-dev\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-dev / gaim / libpurple-bin / libpurple-dev / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:31", "bulletinFamily": "scanner", "description": "2.6.6 with security and numerous minor bug fixes CVE-2010-0277 CVE-2010-0420 CVE-2010-0423\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2016-12-08T00:00:00", "id": "FEDORA_2010-1934.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47286", "published": "2010-07-01T00:00:00", "title": "Fedora 13 : pidgin-2.6.6-1.fc13 (2010-1934)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1934.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47286);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:31:53 $\");\n\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_xref(name:\"FEDORA\", value:\"2010-1934\");\n\n script_name(english:\"Fedora 13 : pidgin-2.6.6-1.fc13 (2010-1934)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"2.6.6 with security and numerous minor bug fixes CVE-2010-0277\nCVE-2010-0420 CVE-2010-0423\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=554335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=565786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=565792\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c03fc1a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"pidgin-2.6.6-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:19:25", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2010:0115 :\n\nUpdated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way Pidgin's MSN protocol implementation handled MSNSLP invitations. A remote attacker could send a specially crafted INVITE request that would cause a denial of service (memory corruption and Pidgin crash). (CVE-2010-0277)\n\nA denial of service flaw was found in Finch's XMPP chat implementation, when using multi-user chat. If a Finch user in a multi-user chat session were to change their nickname to contain the HTML 'br' element, it would cause Finch to crash. (CVE-2010-0420)\n\nRed Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project for responsibly reporting the CVE-2010-0420 issue.\n\nA denial of service flaw was found in the way Pidgin processed emoticon images. A remote attacker could flood the victim with emoticon images during mutual communication, leading to excessive CPU use. (CVE-2010-0423)\n\nThese packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin release notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users are advised to upgrade to these updated packages, which correct these issues. Pidgin must be restarted for this update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2010-0115.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68001", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : pidgin (ELSA-2010-0115)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0115 and \n# Oracle Linux Security Advisory ELSA-2010-0115 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68001);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_bugtraq_id(38294);\n script_xref(name:\"RHSA\", value:\"2010:0115\");\n\n script_name(english:\"Oracle Linux 4 : pidgin (ELSA-2010-0115)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0115 :\n\nUpdated pidgin packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way Pidgin's MSN protocol\nimplementation handled MSNSLP invitations. A remote attacker could\nsend a specially crafted INVITE request that would cause a denial of\nservice (memory corruption and Pidgin crash). (CVE-2010-0277)\n\nA denial of service flaw was found in Finch's XMPP chat\nimplementation, when using multi-user chat. If a Finch user in a\nmulti-user chat session were to change their nickname to contain the\nHTML 'br' element, it would cause Finch to crash. (CVE-2010-0420)\n\nRed Hat would like to thank Sadrul Habib Chowdhury of the Pidgin\nproject for responsibly reporting the CVE-2010-0420 issue.\n\nA denial of service flaw was found in the way Pidgin processed\nemoticon images. A remote attacker could flood the victim with\nemoticon images during mutual communication, leading to excessive CPU\nuse. (CVE-2010-0423)\n\nThese packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users are advised to upgrade to these updated packages,\nwhich correct these issues. Pidgin must be restarted for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-February/001363.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"finch-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"finch-devel-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-devel-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-perl-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-tcl-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-devel-2.6.6-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-perl-2.6.6-1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:12", "bulletinFamily": "unix", "description": "[2.6.6-1]\n- 2.6.6 with security and numerous minor bug fixes\n CVE-2010-0277 CVE-2010-0420 CVE-2010-0423\n- Bug #528796: Get rid of #!/usr/bin/env python ", "modified": "2010-02-18T00:00:00", "published": "2010-02-18T00:00:00", "id": "ELSA-2010-0115", "href": "http://linux.oracle.com/errata/ELSA-2010-0115.html", "title": "pidgin security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T17:21:21", "bulletinFamily": "unix", "description": "Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0277)\n\nSadrul Habib Chowdhury discovered that Pidgin incorrectly handled certain nicknames in Finch group chat rooms. A remote attacker could use a specially crafted nickname and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0420)\n\nAntti Hayrynen discovered that Pidgin incorrectly handled large numbers of smileys. A remote attacker could send a specially crafted message and cause Pidgin to become unresponsive, leading to a denial of service. (CVE-2010-0423)", "modified": "2010-02-22T00:00:00", "published": "2010-02-22T00:00:00", "id": "USN-902-1", "href": "https://usn.ubuntu.com/902-1/", "title": "Pidgin vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:35", "bulletinFamily": "software", "description": "Memory corruption on SLP (MSN) messages parsing. Multiple DoS conditions.", "modified": "2010-02-19T00:00:00", "published": "2010-02-19T00:00:00", "id": "SECURITYVULNS:VULN:10632", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10632", "title": "Pidgin / Adium messenger multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:041\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : pidgin\r\n Date : February 18, 2010\r\n Affected: 2008.0, 2009.1, 2010.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple security vulnerabilities has been identified and fixed\r\n in pidgin:\r\n \r\n Certain malformed SLP messages can trigger a crash because the MSN\r\n protocol plugin fails to check that all pieces of the message are\r\n set correctly (CVE-2010-0277).\r\n \r\n In a user in a multi-user chat room has a nickname containing '<br>'\r\n then libpurple ends up having two users with username ' ' in the room,\r\n and Finch crashes in this situation. We do not believe there is a\r\n possibility of remote code execution (CVE-2010-0420).\r\n \r\n oCERT notified us about a problem in Pidgin, where a large amount of\r\n processing time will be used when inserting many smileys into an IM\r\n or chat window. This should not cause a crash, but Pidgin can become\r\n unusable slow (CVE-2010-0423).\r\n \r\n Packages for 2008.0 are provided for Corporate Desktop 2008.0\r\n customers.\r\n \r\n This update provides pidgin 2.6.6, which is not vulnerable to these\r\n issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423\r\n http://pidgin.im/news/security/\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n 7b6b149b6d3b66ac216ffdb39366d122 2008.0/i586/finch-2.6.6-0.1mdv2008.0.i586.rpm\r\n f8ef6b0bfb06eb0617fe0056b61838fc 2008.0/i586/libfinch0-2.6.6-0.1mdv2008.0.i586.rpm\r\n c9f08705a68c551450888cbd383f8e56 2008.0/i586/libpurple0-2.6.6-0.1mdv2008.0.i586.rpm\r\n fbfd67f6c3e9f70d3f6f67bbec3bb4aa 2008.0/i586/libpurple-devel-2.6.6-0.1mdv2008.0.i586.rpm\r\n 6d755e7a06ffc9448284b8c4eb740ea1 2008.0/i586/pidgin-2.6.6-0.1mdv2008.0.i586.rpm\r\n 832a2337f06dca86d03bd63700a0b6fc 2008.0/i586/pidgin-bonjour-2.6.6-0.1mdv2008.0.i586.rpm\r\n 4aae5ff624474b1a3ab1881fcaefa8a6 2008.0/i586/pidgin-client-2.6.6-0.1mdv2008.0.i586.rpm\r\n 7efd3e7f89696fee9bbe296a670e9df9 2008.0/i586/pidgin-gevolution-2.6.6-0.1mdv2008.0.i586.rpm\r\n 8f5738068a81d1ffe99d59899713d16a 2008.0/i586/pidgin-i18n-2.6.6-0.1mdv2008.0.i586.rpm\r\n 58a0e6335b9c96521f59c91a85345e01 2008.0/i586/pidgin-meanwhile-2.6.6-0.1mdv2008.0.i586.rpm\r\n 3ac4042242d37f433273ab51a1cb4c0b 2008.0/i586/pidgin-mono-2.6.6-0.1mdv2008.0.i586.rpm\r\n 6da48c44f958ffb67455d8f509666c10 2008.0/i586/pidgin-perl-2.6.6-0.1mdv2008.0.i586.rpm\r\n e91b445d44e9f91a2ec01a810a4c38a8 2008.0/i586/pidgin-plugins-2.6.6-0.1mdv2008.0.i586.rpm\r\n c8e71cea5a86ebcb8c7ed9d6dac24b6e 2008.0/i586/pidgin-silc-2.6.6-0.1mdv2008.0.i586.rpm\r\n e7c31cba54af11f0edb6751bd7588020 2008.0/i586/pidgin-tcl-2.6.6-0.1mdv2008.0.i586.rpm \r\n 70ad21797df8b08cbfb58fc68eb4a8cf 2008.0/SRPMS/pidgin-2.6.6-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n c9e7f9564baccc6bc287efca970e38d5 2008.0/x86_64/finch-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 4fd49c393a4088afa297fe4a81ca65b3 2008.0/x86_64/lib64finch0-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 2b40ea32871b376e4dd73f49ec2a36d7 2008.0/x86_64/lib64purple0-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 05503a1c0b1bbd012f3189787e09f3e5 2008.0/x86_64/lib64purple-devel-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n e3d4bc963da791a4a5dc8045d31f0c54 2008.0/x86_64/pidgin-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n bcae488fe843bb895bba2ad5b18e86bc 2008.0/x86_64/pidgin-bonjour-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n e168b0d56e10dfe2c876702faa408f7e 2008.0/x86_64/pidgin-client-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 0715caa8f7089f61d33d92713b269324 2008.0/x86_64/pidgin-gevolution-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 5e951d56643525136acf0da0e5f7f21e 2008.0/x86_64/pidgin-i18n-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 11d8b84a808c378a20643b4804df07f9 2008.0/x86_64/pidgin-meanwhile-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 8363da50ff8fc2e1308f6cb4a0232a57 2008.0/x86_64/pidgin-mono-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n a9deb37c4c307cf813bd4e9b623ec887 2008.0/x86_64/pidgin-perl-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 212ed915b101ddcbbfbb6d16b3b2e16c 2008.0/x86_64/pidgin-plugins-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 3d844afe270123a03624936762f6d933 2008.0/x86_64/pidgin-silc-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 7c311ac8a7ceec13d4933a4840c2c3a9 2008.0/x86_64/pidgin-tcl-2.6.6-0.1mdv2008.0.x86_64.rpm \r\n 70ad21797df8b08cbfb58fc68eb4a8cf 2008.0/SRPMS/pidgin-2.6.6-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n cb7a40ecc6ae8dd5a35d16f892be6837 2009.1/i586/finch-2.6.6-0.1mdv2009.1.i586.rpm\r\n 82db17cb68dddce64cffb125da531871 2009.1/i586/libfinch0-2.6.6-0.1mdv2009.1.i586.rpm\r\n 5ed7e9c7503ec5a860bcb4a08a1dfc52 2009.1/i586/libpurple0-2.6.6-0.1mdv2009.1.i586.rpm\r\n 3c7e67bede967dc9a75e67f5ba0d4682 2009.1/i586/libpurple-devel-2.6.6-0.1mdv2009.1.i586.rpm\r\n 1c9490f205ef22d235c62ec8919eb9f5 2009.1/i586/pidgin-2.6.6-0.1mdv2009.1.i586.rpm\r\n 02a7a3b4f7c329a27445c27661ca1589 2009.1/i586/pidgin-bonjour-2.6.6-0.1mdv2009.1.i586.rpm\r\n 432ea2a9fb79a07e7490f6ab832613e7 2009.1/i586/pidgin-client-2.6.6-0.1mdv2009.1.i586.rpm\r\n e31b2a2b667dacbdc918e8b5dbcff996 2009.1/i586/pidgin-gevolution-2.6.6-0.1mdv2009.1.i586.rpm\r\n 4b0c2b039dd58992507ca2f0bb801b22 2009.1/i586/pidgin-i18n-2.6.6-0.1mdv2009.1.i586.rpm\r\n 9e39513f6310f39999bb4645545fc5c7 2009.1/i586/pidgin-meanwhile-2.6.6-0.1mdv2009.1.i586.rpm\r\n 0e7787c636f4f30cba7ad4d863fb720c 2009.1/i586/pidgin-mono-2.6.6-0.1mdv2009.1.i586.rpm\r\n 2df8fbea4fa43b7cfbda29241614907f 2009.1/i586/pidgin-perl-2.6.6-0.1mdv2009.1.i586.rpm\r\n ab2a3d17c627da8e0f445de8f6a1f371 2009.1/i586/pidgin-plugins-2.6.6-0.1mdv2009.1.i586.rpm\r\n fed0dc5e71e51bda6e1c6e5dc4296883 2009.1/i586/pidgin-silc-2.6.6-0.1mdv2009.1.i586.rpm\r\n 010fe45d263e609656af0c3b5235d9a1 2009.1/i586/pidgin-tcl-2.6.6-0.1mdv2009.1.i586.rpm \r\n 1a90d8b3989e31ab9d1769b454de8a42 2009.1/SRPMS/pidgin-2.6.6-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 21abb5508ce03d26b88b942af4e14a4f 2009.1/x86_64/finch-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n c308a1b01304d63cd58dbabcab49119b 2009.1/x86_64/lib64finch0-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n cf0c32085702b936a1f69e1caa6e2dcc 2009.1/x86_64/lib64purple0-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 232104e2b9bb0c66aa774f365a45b2ad 2009.1/x86_64/lib64purple-devel-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 8043caea0b17e2de041c4ae0465d90ea 2009.1/x86_64/pidgin-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 0f6c55a69562a532b1100670571c3b26 2009.1/x86_64/pidgin-bonjour-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n c09462c1ef04b6ddc0223a02ccdb166f 2009.1/x86_64/pidgin-client-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 6ac732d589d33f7181ea8dadbfd9942e 2009.1/x86_64/pidgin-gevolution-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 0fa53c5e0337129d90d774726dee4125 2009.1/x86_64/pidgin-i18n-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 93457954dbd33a99f42bad1a0a98c109 2009.1/x86_64/pidgin-meanwhile-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 05fecf234348f4d4397fc2e48f1be04e 2009.1/x86_64/pidgin-mono-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 033f93c6dc9298e5f3dc0fa89c587b9b 2009.1/x86_64/pidgin-perl-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 664e601cd561b106c0a158a648492528 2009.1/x86_64/pidgin-plugins-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 95ed0f1bfd9baba0e23cb0c50d3757b7 2009.1/x86_64/pidgin-silc-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 52828745a279468c82975af28a385151 2009.1/x86_64/pidgin-tcl-2.6.6-0.1mdv2009.1.x86_64.rpm \r\n 1a90d8b3989e31ab9d1769b454de8a42 2009.1/SRPMS/pidgin-2.6.6-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n 1c29f9d4c4f6f4cfbc0944bceeb6668b 2010.0/i586/finch-2.6.6-0.1mdv2010.0.i586.rpm\r\n 29bfd28b9aea472156e5a9de553bc1b7 2010.0/i586/libfinch0-2.6.6-0.1mdv2010.0.i586.rpm\r\n 496a494ab167a8bfb6dee5928e5b34e1 2010.0/i586/libpurple0-2.6.6-0.1mdv2010.0.i586.rpm\r\n 6b0f5a9b3baa507fceab913a4f048047 2010.0/i586/libpurple-devel-2.6.6-0.1mdv2010.0.i586.rpm\r\n 385680fa424f34569f8c0c6f3dee4f4a 2010.0/i586/pidgin-2.6.6-0.1mdv2010.0.i586.rpm\r\n c07570c72eb5679964a16e40328f78cc 2010.0/i586/pidgin-bonjour-2.6.6-0.1mdv2010.0.i586.rpm\r\n bed045f942b8581a8f218070eab86dd0 2010.0/i586/pidgin-client-2.6.6-0.1mdv2010.0.i586.rpm\r\n 50c4dacdb01d054ab5e0b80309704cb7 2010.0/i586/pidgin-gevolution-2.6.6-0.1mdv2010.0.i586.rpm\r\n ab3939b75120e531e60e312a385533ff 2010.0/i586/pidgin-i18n-2.6.6-0.1mdv2010.0.i586.rpm\r\n 149b333453e1126a3b4641e19906c88f 2010.0/i586/pidgin-meanwhile-2.6.6-0.1mdv2010.0.i586.rpm\r\n 29d5d75e9d84ada8fb82ce176f782226 2010.0/i586/pidgin-mono-2.6.6-0.1mdv2010.0.i586.rpm\r\n 01443fc929ffd95481bae32ad4399819 2010.0/i586/pidgin-perl-2.6.6-0.1mdv2010.0.i586.rpm\r\n 84781f1d515702edad903793a867fd23 2010.0/i586/pidgin-plugins-2.6.6-0.1mdv2010.0.i586.rpm\r\n 3c1828e4cde8c0c36cdc6b242642d3a8 2010.0/i586/pidgin-silc-2.6.6-0.1mdv2010.0.i586.rpm\r\n cfb8a979ecb4af00249c9ea1586ba43b 2010.0/i586/pidgin-tcl-2.6.6-0.1mdv2010.0.i586.rpm \r\n 179fe3c8d4d38eadee60cbfb51aeb19c 2010.0/SRPMS/pidgin-2.6.6-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 6eaad34c716bbdd7fa01c5feed445f76 2010.0/x86_64/finch-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n ab025b0de4c4a7d8047309c2d94ce0c0 2010.0/x86_64/lib64finch0-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n ff08767b311b4cd0fae4b756a86c4787 2010.0/x86_64/lib64purple0-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n ca65fc197deb32c6e8b05c67c457c66b 2010.0/x86_64/lib64purple-devel-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 32dd77d13f9d18480a44d9e711e6fe53 2010.0/x86_64/pidgin-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 169a880508c91e1a4444c546776fcd00 2010.0/x86_64/pidgin-bonjour-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 6bcdf650c31b3092992e943e7b2aa070 2010.0/x86_64/pidgin-client-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 2afdef1f1fc09373856b65d7f71e8621 2010.0/x86_64/pidgin-gevolution-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 6a4a9fb474d69168216e72331ad6ad9c 2010.0/x86_64/pidgin-i18n-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 7edfcfbe7a2ce9a6b01232558f641ec7 2010.0/x86_64/pidgin-meanwhile-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n ec35aac66e974579e06fbb6057a6df31 2010.0/x86_64/pidgin-mono-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 20e61a99135d61b0deb910648b78923e 2010.0/x86_64/pidgin-perl-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n ae9cdc960d4edc6c8bc1854250203036 2010.0/x86_64/pidgin-plugins-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n b80ea4263b63cfc34dd4009ee362090b 2010.0/x86_64/pidgin-silc-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 3d3ade5b5518b513edc78d1b12a4073c 2010.0/x86_64/pidgin-tcl-2.6.6-0.1mdv2010.0.x86_64.rpm \r\n 179fe3c8d4d38eadee60cbfb51aeb19c 2010.0/SRPMS/pidgin-2.6.6-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 149dcd26bf531e6ee3e75b3eccc0b9ba mes5/i586/finch-2.6.6-0.1mdvmes5.i586.rpm\r\n 1a10b71c66ed39bdd40846721fb0a87b mes5/i586/libfinch0-2.6.6-0.1mdvmes5.i586.rpm\r\n 6929c7486d4d242eb4c1bb3c11d2a945 mes5/i586/libpurple0-2.6.6-0.1mdvmes5.i586.rpm\r\n 1d2539414922b39bc00b62755ddaa816 mes5/i586/libpurple-devel-2.6.6-0.1mdvmes5.i586.rpm\r\n 732cba3fd4e87cd9b8b619c5c69ab992 mes5/i586/pidgin-2.6.6-0.1mdvmes5.i586.rpm\r\n 9fd465a4f8fac859c99866105f7b8ca6 mes5/i586/pidgin-bonjour-2.6.6-0.1mdvmes5.i586.rpm\r\n cc9df9d83f6d502be50ab878fb59548a mes5/i586/pidgin-client-2.6.6-0.1mdvmes5.i586.rpm\r\n 83e99b56360e08fd571073c73c1e90b1 mes5/i586/pidgin-gevolution-2.6.6-0.1mdvmes5.i586.rpm\r\n c19131aa4670612f77df7fefa0075832 mes5/i586/pidgin-i18n-2.6.6-0.1mdvmes5.i586.rpm\r\n b1102c9ae4445baf526c6c146300f5c2 mes5/i586/pidgin-meanwhile-2.6.6-0.1mdvmes5.i586.rpm\r\n 97a7683edc25e5d4e1291086e882db52 mes5/i586/pidgin-mono-2.6.6-0.1mdvmes5.i586.rpm\r\n b456b539f96ddf35cb06ce8d0ffc1c13 mes5/i586/pidgin-perl-2.6.6-0.1mdvmes5.i586.rpm\r\n 494d4e499b6b3edd278d24051d844eaf mes5/i586/pidgin-plugins-2.6.6-0.1mdvmes5.i586.rpm\r\n a3bde2acd56c097262e2e82b6dad619d mes5/i586/pidgin-silc-2.6.6-0.1mdvmes5.i586.rpm\r\n 250a49eb240275dbda69c9c4b6914590 mes5/i586/pidgin-tcl-2.6.6-0.1mdvmes5.i586.rpm \r\n 267308510863ca64bb333f71467e7bd9 mes5/SRPMS/pidgin-2.6.6-0.1mdvmes5.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 8d64ee79b213c13c19a4198841a144ac mes5/x86_64/finch-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 5c433ebf35e04e8d6de964137dc276dd mes5/x86_64/lib64finch0-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 7cc32a1bb4ebe61b0723f94658a45ae1 mes5/x86_64/lib64purple0-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 2d427370e582eb2709b1b3f50b54a364 mes5/x86_64/lib64purple-devel-2.6.6-0.1mdvmes5.x86_64.rpm\r\n db09b8debee6cca9ebbd66fa2d12ec47 mes5/x86_64/pidgin-2.6.6-0.1mdvmes5.x86_64.rpm\r\n bcc51f21decc8447069faa3c1f8563c2 mes5/x86_64/pidgin-bonjour-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 5e368dec9bccac6530c79855892c8a45 mes5/x86_64/pidgin-client-2.6.6-0.1mdvmes5.x86_64.rpm\r\n d068b236e3e33274d32ccf911d07ae27 mes5/x86_64/pidgin-gevolution-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 14542696ab4124d542435f2d09f1b8e2 mes5/x86_64/pidgin-i18n-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 1abe031c7d81ef8e3744ccac89e085f8 mes5/x86_64/pidgin-meanwhile-2.6.6-0.1mdvmes5.x86_64.rpm\r\n fe6d09ae59b3afb8d6154411d2274ad8 mes5/x86_64/pidgin-mono-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 0cafc627ab6efa449cd1857c9032de68 mes5/x86_64/pidgin-perl-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 650f4c48dafe08cca128ff1410c7c919 mes5/x86_64/pidgin-plugins-2.6.6-0.1mdvmes5.x86_64.rpm\r\n fd78039daafeb41f2356a3e617f37c08 mes5/x86_64/pidgin-silc-2.6.6-0.1mdvmes5.x86_64.rpm\r\n afb6b2d287d4df27e845fbbb0331052d mes5/x86_64/pidgin-tcl-2.6.6-0.1mdvmes5.x86_64.rpm \r\n 267308510863ca64bb333f71467e7bd9 mes5/SRPMS/pidgin-2.6.6-0.1mdvmes5.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFLfSUHmqjQ0CJFipgRAttGAKCxQbsdGtNK2rs9RMbLQmhz2UM69wCg32zV\r\nvL0qCU2xlQDncxOIar1eKrI=\r\n=vJpo\r\n-----END PGP SIGNATURE-----", "modified": "2010-02-19T00:00:00", "published": "2010-02-19T00:00:00", "id": "SECURITYVULNS:DOC:23258", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23258", "title": "[ MDVSA-2010:041 ] pidgin", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "unix", "description": "\nThree denial of service vulnerabilities where found in\n\t pidgin and allow remote attackers to crash the application.\n\t The developers summarized these problems as follows:\n\nPidgin can become unresponsive when displaying large\n\t numbers of smileys\n\n\nCertain nicknames in group chat rooms can trigger a\n\t crash in Finch\n\n\nFailure to validate all fields of an incoming message\n\t can trigger a crash\n\n", "modified": "2010-02-18T00:00:00", "published": "2010-02-18T00:00:00", "id": "A2C4D3D5-4C7B-11DF-83FB-0015587E2CC1", "href": "https://vuxml.freebsd.org/freebsd/a2c4d3d5-4c7b-11df-83fb-0015587e2cc1.html", "title": "pidgin -- multiple remote denial of service vulnerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "seebug": [{"lastseen": "2017-11-19T18:13:59", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 38294\r\nCVE ID: CVE-2010-0277,CVE-2010-0420,CVE-2010-0423\r\n\r\nPidgin\u662f\u652f\u6301\u591a\u79cd\u534f\u8bae\u7684\u5373\u65f6\u901a\u8baf\u5ba2\u6237\u7aef\u3002\r\n\r\nPidgin\u7684MSN\u534f\u8bae\u5b9e\u73b0\u5904\u7406MSNSLP\u9080\u8bf7\u7684\u65b9\u5f0f\u5b58\u5728\u8f93\u5165\u8fc7\u6ee4\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u53d1\u9001\u7279\u5236\u7684INVITE\u8bf7\u6c42\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u7834\u574f\u548c Pidgin\u5d29\u6e83\uff09\u3002\r\n\r\nFinch\u7684XMPP\u804a\u5929\u5b9e\u73b0\u5728\u4f7f\u7528\u591a\u7528\u6237\u4f1a\u8bdd\u65f6\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u5982\u679c\u591a\u7528\u6237\u804a\u5929\u4f1a\u8bdd\u4e2d\u7684Finch\u7528\u6237\u8981\u5c06\u6635\u79f0\u66f4\u6539\u4e3a\u5305\u542b\u6709HTML br\u5143\u7d20\uff0c\u5c31\u4f1a\u5bfc\u81f4Finch\u5d29\u6e83\u3002\r\n\r\nPidgin\u5904\u7406\u8868\u60c5\u7b26\u56fe\u5f62\u7684\u65b9\u5f0f\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u76f8\u4e92\u901a\u8baf\u4e2d\u5411\u53d7\u5bb3\u7528\u6237\u53d1\u9001\u5927\u91cf\u7684\u8868\u60c5\u7b26\u56fe\u5f62\uff0c\u5bfc\u81f4\u8fc7\u591a\u7684CPU\u4f7f\u7528\u7387\u3002\n\nPidgin < 2.6.6\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2010:0115-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2010:0115-01\uff1aModerate: pidgin security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2010-0115.html\r\n\r\nPidgin\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://developer.pidgin.im/wiki/ChangeLog", "modified": "2010-03-02T00:00:00", "published": "2010-03-02T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19202", "id": "SSV:19202", "title": "Pidgin\u591a\u4e2a\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}], "centos": [{"lastseen": "2019-05-29T18:33:36", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0115\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way Pidgin's MSN protocol\nimplementation handled MSNSLP invitations. A remote attacker could send a\nspecially-crafted INVITE request that would cause a denial of service\n(memory corruption and Pidgin crash). (CVE-2010-0277)\n\nA denial of service flaw was found in Finch's XMPP chat implementation,\nwhen using multi-user chat. If a Finch user in a multi-user chat session\nwere to change their nickname to contain the HTML \"br\" element, it would\ncause Finch to crash. (CVE-2010-0420)\n\nRed Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project\nfor responsibly reporting the CVE-2010-0420 issue.\n\nA denial of service flaw was found in the way Pidgin processed emoticon\nimages. A remote attacker could flood the victim with emoticon images\nduring mutual communication, leading to excessive CPU use. (CVE-2010-0423)\n\nThese packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users are advised to upgrade to these updated packages, which\ncorrect these issues. Pidgin must be restarted for this update to take\neffect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016511.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016512.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016523.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016524.html\n\n**Affected packages:**\nfinch\nfinch-devel\nlibpurple\nlibpurple-devel\nlibpurple-perl\nlibpurple-tcl\npidgin\npidgin-devel\npidgin-perl\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0115.html", "modified": "2010-02-23T00:11:45", "published": "2010-02-20T00:04:47", "href": "http://lists.centos.org/pipermail/centos-announce/2010-February/016511.html", "id": "CESA-2010:0115", "title": "finch, libpurple, pidgin security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:21", "bulletinFamily": "unix", "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way Pidgin's MSN protocol\nimplementation handled MSNSLP invitations. A remote attacker could send a\nspecially-crafted INVITE request that would cause a denial of service\n(memory corruption and Pidgin crash). (CVE-2010-0277)\n\nA denial of service flaw was found in Finch's XMPP chat implementation,\nwhen using multi-user chat. If a Finch user in a multi-user chat session\nwere to change their nickname to contain the HTML \"br\" element, it would\ncause Finch to crash. (CVE-2010-0420)\n\nRed Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project\nfor responsibly reporting the CVE-2010-0420 issue.\n\nA denial of service flaw was found in the way Pidgin processed emoticon\nimages. A remote attacker could flood the victim with emoticon images\nduring mutual communication, leading to excessive CPU use. (CVE-2010-0423)\n\nThese packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users are advised to upgrade to these updated packages, which\ncorrect these issues. Pidgin must be restarted for this update to take\neffect.", "modified": "2017-09-08T11:48:27", "published": "2010-02-18T05:00:00", "id": "RHSA-2010:0115", "href": "https://access.redhat.com/errata/RHSA-2010:0115", "type": "redhat", "title": "(RHSA-2010:0115) Moderate: pidgin security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "slackware": [{"lastseen": "2019-05-30T07:37:22", "bulletinFamily": "unix", "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix denial of service issues.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/pidgin-2.6.6-i486-1_slack13.0.txz: Upgraded.\n This fixes a few denial-of-service flaws as well as other bugs.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.6.6-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/pidgin-2.6.6-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.6.6-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/pidgin-2.6.6-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/pidgin-2.6.6-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.6.6-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.6.6-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\nab0bdf3a3de12e14973e603f812cb0de pidgin-2.6.6-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\nf84d789da03ce5e6481c9e04481913a6 pidgin-2.6.6-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n788ed01f917aa0bfca365e9f77a3490e pidgin-2.6.6-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\nc8456f8e3c9fb456afcb49871c557e9f pidgin-2.6.6-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n80baaeb8cb042fab6c9764b491c3ebd1 pidgin-2.6.6-x86_64-1_slack13.0.txz\n\nSlackware -current package:\n5ddf6032d36ba29d5ae14ecaedbab88f pidgin-2.6.6-i486-1.txz\n\nSlackware x86_64 -current package:\n451919ccd63ef9aa4245dbe1afb27587 pidgin-2.6.6-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg pidgin-2.6.6-i486-1_slack13.0.txz", "modified": "2010-03-10T18:17:44", "published": "2010-03-10T18:17:44", "id": "SSA-2010-069-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.458630", "title": "pidgin", "type": "slackware", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
