Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2017-0102
HistoryApr 04, 2017 - 9:44 a.m.

Updated pidgin packages fix security vulnerability

2017-04-0409:44:05
Gentoo Foundation
advisories.mageia.org
8

0.007 Low

EPSS

Percentile

79.7%

JSON

A server controlled by an attacker can send an invalid XML that can trigger an out-of-bound memory access. This might lead to a crash or, in some extreme cases, to remote code execution in the client-side (CVE-2017-2640). The pidgin package has been updated to version 2.12.0, which fixes this issue and other bugs, including certificate validation for the Google Talk protocol. It also removes protocol plugins for services that are no longer available or supported. See the upstream ChangeLog for details.

OSVersionArchitecturePackageVersionFilename
Mageia5noarchpidgin< 2.12.0-1pidgin-2.12.0-1.mga5

Related

threatpost 1
ubuntu 1
nessus 17
osv 3
debian 3
gentoo 1
prion 1
alpinelinux 1
openvas 11
archlinux 1
veracode 1
debiancve 1
kaspersky 1
redhatcve 1
cve 1
cvelist 1
ubuntucve 1
slackware 1
suse 1
redhat 1
centos 1
oraclelinux 1
threatpost
threatpost
Code Execution Vulnerability Found in Libpurple IM Library
2017-03-21 14:28:44
ubuntu
ubuntu
Pidgin vulnerability
2017-03-14 00:00:00
nessus
nessus
GLSA-201706-10 : Pidgin: Arbitrary code execution
2017-06-07 00:00:00
Pidgin < 2.12.0 libpurple/util.c purple_markup_unescape_entity() XML Entity Handling RCE
2017-03-24 00:00:00
openSUSE Security Update : pidgin (openSUSE-2017-410)
2017-04-03 00:00:00
osv
osv
pidgin - security update
2017-03-11 00:00:00
pidgin - security update
2017-03-10 00:00:00
CVE-2017-2640
2018-07-27 18:29:00
debian
debian
[SECURITY] [DSA 3806-1] pidgin security update
2017-03-10 03:43:45
[SECURITY] [DLA 853-1] pidgin security update
2017-03-11 12:38:26
[SECURITY] [DSA 3806-1] pidgin security update
2017-03-10 03:44:07
gentoo
gentoo
Pidgin: Arbitrary code execution
2017-06-06 00:00:00
prion
prion
Cross site scripting
2018-07-27 18:29:00
alpinelinux
alpinelinux
CVE-2017-2640
2018-07-27 18:29:00
openvas
openvas
Ubuntu: Security Advisory (USN-3231-1)
2017-03-14 00:00:00
Slackware: Security Advisory (SSA:2017-074-01)
2022-04-21 00:00:00
openSUSE: Security Advisory for pidgin (openSUSE-SU-2017:0973-1)
2017-04-12 00:00:00
archlinux
archlinux
[ASA-201703-18] libpurple: arbitrary code execution
2017-03-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2018-05-31 04:08:56
debiancve
debiancve
CVE-2017-2640
2018-07-27 18:29:00
kaspersky
kaspersky
KLA11359 ACE vulnerability in Pidgin
2017-03-09 00:00:00
redhatcve
redhatcve
CVE-2017-2640
2017-03-10 08:48:05
cve
cve
CVE-2017-2640
2018-07-27 18:29:00
cvelist
cvelist
CVE-2017-2640
2018-07-27 18:00:00
ubuntucve
ubuntucve
CVE-2017-2640
2017-03-10 00:00:00
slackware
slackware
[slackware-security] pidgin
2017-03-16 03:25:04
suse
suse
Security update for pidgin (important)
2017-04-11 15:08:50
redhat
redhat
(RHSA-2017:1854) Moderate: pidgin security, bug fix, and enhancement update
2017-08-01 05:55:25
centos
centos
finch, libpurple, pidgin security update
2017-08-24 01:40:35
oraclelinux
oraclelinux
pidgin security, bug fix, and enhancement update
2017-08-07 00:00:00

0.007 Low

EPSS

Percentile

79.7%

JSON
Related for MGASA-2017-0102
threatpost1ubuntu1nessus17osv3debian3gentoo1prion1alpinelinux1openvas11archlinux1veracode1debiancve1kaspersky1redhatcve1cve1cvelist1ubuntucve1slackware1suse1redhat1centos1oraclelinux1