Metric | Value |
---|---|
CVSS2 | 5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
CVSS2 Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
EPSS | 0.079 Low |
EPSS Percentile | 93.5% |

Jan Wagner uploaded a new package for pidgin which fixed the following
security problem:
CVE-2010-0013[1] and Debian Bug #563206[2]
It was discovered that Pidgin did not properly handle custom smiley
requests in the MSN protocol handler. A remote attacker could send a
specially crafted filename in a custom smiley request and obtain arbitrary
files via directory traversal.
For the lenny distribution the problem has been fixed soon in
version 2.4.3-4lenny5.
For the sid distribution the problem has been fixed in
version 2.6.5-2.
If you don't use pinning (see [1]) you have to update nagios3
manually via "apt-get -t etch-backports install nagios".
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend pinning the backports repository to 200 so that new versions
of installed backports are installed automatically:
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
[1] http://security-tracker.debian.org/tracker/CVE-2010-0013
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563206
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 5 | all | pidgin | < 2.4.3-4lenny5 | pidgin_2.4.3-4lenny5_all.deb |
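
The following Python code is an added example, not part of the advisory or of Debian's tooling: it implements Debian's version ordering (the rules `dpkg --compare-versions` applies) and flags hosts whose installed pidgin is older than the fixed versions stated above. The host names and installed versions in the inventory are constructed, and all function names are this example's own.

```python
import re

# Fixed versions stated in the advisory, keyed by Debian suite.
FIXED = {"lenny": "2.4.3-4lenny5", "sid": "2.6.5-2"}
DIGITS = "0123456789"

def _order(c):
    """dpkg weight of a non-digit character; '~' sorts before end of string."""
    if not c or c in DIGITS:
        return 0
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings: -1, 0 or 1."""
    while a or b:
        # Non-digit prefix: compare character by character.
        while (a and a[0] not in DIGITS) or (b and b[0] not in DIGITS):
            ca, cb = _order(a[:1]), _order(b[:1])
            if ca != cb:
                return -1 if ca < cb else 1
            a, b = a[1:], b[1:]
        # Digit run: compare numerically, so 2.10 sorts after 2.4.
        da, db = re.match("[0-9]*", a).group(), re.match("[0-9]*", b).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def compare_versions(v1, v2):
    """Order two Debian versions ([epoch:]upstream[-revision]): -1, 0 or 1."""
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, sep, rev = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), (rev if sep else "")
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

# Constructed inventory: host names and installed versions are made up.
INVENTORY = [("desk-01", "lenny", "2.4.3-4lenny4"), ("desk-02", "lenny", "2.4.3-4lenny5"),
             ("desk-03", "lenny", "2.4.3-4"), ("build-01", "sid", "2.6.5-2"),
             ("build-02", "sid", "2.6.4-1")]

def affected_hosts(inventory=INVENTORY):
    """Hosts whose pidgin is older than the fixed version for their suite."""
    return [h for h, suite, v in inventory if compare_versions(v, FIXED[suite]) < 0]
```

A plain string comparison would misorder versions such as 2.10.0-1 and 2.4.3-4lenny5, which is why the digit runs are compared numerically.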