CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.115 Low (Percentile: 94.7%)

Gerfried Fuchs uploaded new packages for pidgin which fixed the
following security problem:

CVE-2009-3615

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and
Adium before 1.3.7 allows remote attackers to cause a denial of
service (application crash) via crafted contact-list data for
(1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.

For the lenny-backports distribution the problem has been fixed in
version 2.6.3-1~bpo50+1.

For the squeeze and sid distributions the problem has been fixed in
version 2.6.3-1.

If you don't use pinning (see [1]), you have to update the packages
manually via "apt-get -t lenny-backports install <packagelist>", where
<packagelist> lists your installed packages affected by this update.

[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend pinning the backports repository to 200 so that new versions
of installed backports will be installed automatically:

    Package: *
    Pin: release a=lenny-backports
    Pin-Priority: 200

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | pidgin | < 2.6.3-1 | pidgin_2.6.3-1_all.deb |