ID: RHSA-2011:1371
Type: redhat
Reporter: RedHat
Modified: 2017-09-08T12:08:20

Description

Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

An input sanitization flaw was found in the way the Pidgin SILC (Secure
Internet Live Conferencing) protocol plug-in escaped certain UTF-8
characters. A remote attacker could use this flaw to crash Pidgin via a
specially-crafted SILC message. (CVE-2011-3594)

Multiple NULL pointer dereference flaws were found in the way the Pidgin
Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote
attacker could use these flaws to crash Pidgin via a specially-crafted
notification message. (CVE-2011-1091)

Red Hat would like to thank the Pidgin project for reporting CVE-2011-1091.
Upstream acknowledges Marius Wachtler as the original reporter of
CVE-2011-1091.

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

{"cve": [{"lastseen": "2017-09-19T13:37:24", "bulletinFamily": "NVD", "description": "libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.", "modified": "2017-09-18T21:32:17", "published": "2011-03-14T15:55:02", "id": "CVE-2011-1091", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1091", "title": "CVE-2011-1091", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:37:55", "bulletinFamily": "NVD", "description": "The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.", "modified": "2017-09-18T21:34:00", "published": "2011-11-04T17:55:07", "id": "CVE-2011-3594", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3594", "title": "CVE-2011-3594", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:12:39", "bulletinFamily": "scanner", "description": "Updated pidgin packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way the Pidgin SILC\n(Secure Internet Live Conferencing) protocol plug-in escaped certain\nUTF-8 characters. A remote attacker could use this flaw to crash\nPidgin via a specially crafted SILC message. (CVE-2011-3594)\n\nMultiple NULL pointer dereference flaws were found in the way the\nPidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG\npackets. A remote attacker could use these flaws to crash Pidgin via a\nspecially crafted notification message. (CVE-2011-1091)\n\nRed Hat would like to thank the Pidgin project for reporting\nCVE-2011-1091. Upstream acknowledges Marius Wachtler as the original\nreporter of CVE-2011-1091.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.", "modified": "2018-11-26T00:00:00", "published": "2011-10-14T00:00:00", "id": "REDHAT-RHSA-2011-1371.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56505", "title": "RHEL 4 / 5 : pidgin (RHSA-2011:1371)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1371. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56505);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3594\");\n script_bugtraq_id(46837, 49912);\n script_xref(name:\"RHSA\", value:\"2011:1371\");\n\n script_name(english:\"RHEL 4 / 5 : pidgin (RHSA-2011:1371)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way the Pidgin SILC\n(Secure Internet Live Conferencing) protocol plug-in escaped certain\nUTF-8 characters. A remote attacker could use this flaw to crash\nPidgin via a specially crafted SILC message. (CVE-2011-3594)\n\nMultiple NULL pointer dereference flaws were found in the way the\nPidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG\npackets. A remote attacker could use these flaws to crash Pidgin via a\nspecially crafted notification message. (CVE-2011-1091)\n\nRed Hat would like to thank the Pidgin project for reporting\nCVE-2011-1091. 
Upstream acknowledges Marius Wachtler as the original\nreporter of CVE-2011-1091.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1371\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin-perl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1371\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"finch-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"finch-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"finch-devel-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"finch-devel-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-devel-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-perl-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-perl-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-tcl-2.6.6-7.el4\")) flag++;\n if 
(rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-devel-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-devel-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-perl-2.6.6-7.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-perl-2.6.6-7.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"finch-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"finch-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"finch-devel-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"finch-devel-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-devel-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-perl-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-perl-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-tcl-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-2.6.6-5.el5_7.1\")) 
flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-devel-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-devel-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-perl-2.6.6-5.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-perl-2.6.6-5.el5_7.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:12:40", "bulletinFamily": "scanner", "description": "Updated pidgin packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way the Pidgin SILC\n(Secure Internet Live Conferencing) protocol plug-in escaped certain\nUTF-8 characters. A remote attacker could use this flaw to crash\nPidgin via a specially crafted SILC message. (CVE-2011-3594)\n\nMultiple NULL pointer dereference flaws were found in the way the\nPidgin Yahoo! 
Messenger Protocol plug-in handled malformed YMSG\npackets. A remote attacker could use these flaws to crash Pidgin via a\nspecially crafted notification message. (CVE-2011-1091)\n\nRed Hat would like to thank the Pidgin project for reporting\nCVE-2011-1091. Upstream acknowledges Marius Wachtler as the original\nreporter of CVE-2011-1091.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.", "modified": "2018-11-10T00:00:00", "published": "2011-10-17T00:00:00", "id": "CENTOS_RHSA-2011-1371.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56514", "title": "CentOS 4 / 5 : pidgin (CESA-2011:1371)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1371 and \n# CentOS Errata and Security Advisory 2011:1371 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56514);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3594\");\n script_bugtraq_id(46837, 49912);\n script_xref(name:\"RHSA\", value:\"2011:1371\");\n\n script_name(english:\"CentOS 4 / 5 : pidgin (CESA-2011:1371)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way the Pidgin SILC\n(Secure Internet Live Conferencing) protocol plug-in escaped certain\nUTF-8 characters. A remote attacker could use this flaw to crash\nPidgin via a specially crafted SILC message. (CVE-2011-3594)\n\nMultiple NULL pointer dereference flaws were found in the way the\nPidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG\npackets. A remote attacker could use these flaws to crash Pidgin via a\nspecially crafted notification message. (CVE-2011-1091)\n\nRed Hat would like to thank the Pidgin project for reporting\nCVE-2011-1091. Upstream acknowledges Marius Wachtler as the original\nreporter of CVE-2011-1091.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
Pidgin must be\nrestarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018163.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5411907d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018164.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9397a80\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018105.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e2849d6d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018106.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8bf6b85\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"finch-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"finch-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"finch-devel-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"finch-devel-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-7.el4\")) 
flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-devel-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-perl-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-perl-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-tcl-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"pidgin-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"pidgin-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"pidgin-devel-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"pidgin-devel-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"pidgin-perl-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"pidgin-perl-2.6.6-7.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-devel-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-devel-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-perl-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-tcl-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-devel-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-perl-2.6.6-5.el5_7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:14:27", "bulletinFamily": "scanner", "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way the Pidgin SILC\n(Secure Internet Live Conferencing) protocol plug-in escaped certain\nUTF-8 characters. A remote attacker could use this flaw to crash\nPidgin via a specially crafted SILC message. (CVE-2011-3594)\n\nMultiple NULL pointer dereference flaws were found in the way the\nPidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG\npackets. A remote attacker could use these flaws to crash Pidgin via a\nspecially crafted notification message. (CVE-2011-1091)\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
Pidgin must be\nrestarted for this update to take effect.", "modified": "2018-12-31T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20111013_PIDGIN_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61153", "title": "Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61153);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3594\");\n\n script_name(english:\"Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way the Pidgin SILC\n(Secure Internet Live Conferencing) protocol plug-in escaped certain\nUTF-8 characters. A remote attacker could use this flaw to crash\nPidgin via a specially crafted SILC message. (CVE-2011-3594)\n\nMultiple NULL pointer dereference flaws were found in the way the\nPidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG\npackets. A remote attacker could use these flaws to crash Pidgin via a\nspecially crafted notification message. (CVE-2011-1091)\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
Pidgin must be\nrestarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=1087\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?02826496\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"finch-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"finch-devel-2.6.6-7.el4\")) flag++;\nif 
(rpm_check(release:\"SL4\", reference:\"libpurple-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-devel-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-perl-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-tcl-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"pidgin-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"pidgin-debuginfo-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"pidgin-devel-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"pidgin-perl-2.6.6-7.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"finch-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"finch-devel-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-devel-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-perl-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-tcl-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-debuginfo-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-devel-2.6.6-5.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-perl-2.6.6-5.el5_7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:16:44", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2011:1371 :\n\nUpdated pidgin packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 
and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way the Pidgin SILC\n(Secure Internet Live Conferencing) protocol plug-in escaped certain\nUTF-8 characters. A remote attacker could use this flaw to crash\nPidgin via a specially crafted SILC message. (CVE-2011-3594)\n\nMultiple NULL pointer dereference flaws were found in the way the\nPidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG\npackets. A remote attacker could use these flaws to crash Pidgin via a\nspecially crafted notification message. (CVE-2011-1091)\n\nRed Hat would like to thank the Pidgin project for reporting\nCVE-2011-1091. Upstream acknowledges Marius Wachtler as the original\nreporter of CVE-2011-1091.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
Pidgin must be\nrestarted for this update to take effect.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2011-1371.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68369", "title": "Oracle Linux 4 : pidgin (ELSA-2011-1371)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1371 and \n# Oracle Linux Security Advisory ELSA-2011-1371 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68369);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3594\");\n script_bugtraq_id(46837, 49912);\n script_xref(name:\"RHSA\", value:\"2011:1371\");\n\n script_name(english:\"Oracle Linux 4 : pidgin (ELSA-2011-1371)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1371 :\n\nUpdated pidgin packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way the Pidgin SILC\n(Secure Internet Live Conferencing) protocol plug-in escaped certain\nUTF-8 characters. 
A remote attacker could use this flaw to crash\nPidgin via a specially crafted SILC message. (CVE-2011-3594)\n\nMultiple NULL pointer dereference flaws were found in the way the\nPidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG\npackets. A remote attacker could use these flaws to crash Pidgin via a\nspecially crafted notification message. (CVE-2011-1091)\n\nRed Hat would like to thank the Pidgin project for reporting\nCVE-2011-1091. Upstream acknowledges Marius Wachtler as the original\nreporter of CVE-2011-1091.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002400.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"finch-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"finch-devel-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-devel-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-perl-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-tcl-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-devel-2.6.6-7.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-perl-2.6.6-7.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:12:49", "bulletinFamily": "scanner", "description": "Marius Wachtler discovered that Pidgin incorrectly handled malformed\nYMSG messages in the Yahoo! protocol handler. A remote attacker could\nsend a specially crafted message and cause Pidgin to crash, leading to\na denial of service. This issue only affected Ubuntu 10.04 LTS and\n10.10. 
(CVE-2011-1091)\n\nMarius Wachtler discovered that Pidgin incorrectly handled HTTP 100\nresponses in the MSN protocol handler. A remote attacker could send a\nspecially crafted message and cause Pidgin to crash, leading to a\ndenial of service. (CVE-2011-3184)\n\nDiego Bauche Madero discovered that Pidgin incorrectly handled UTF-8\nsequences in the SILC protocol handler. A remote attacker could send a\nspecially crafted message and cause Pidgin to crash, leading to a\ndenial of service. (CVE-2011-3594).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2011-11-22T00:00:00", "id": "UBUNTU_USN-1273-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56915", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : pidgin vulnerabilities (USN-1273-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1273-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56915);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3184\", \"CVE-2011-3594\");\n script_bugtraq_id(46837, 49268, 49912);\n script_xref(name:\"USN\", value:\"1273-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : pidgin vulnerabilities (USN-1273-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Marius Wachtler discovered that Pidgin incorrectly handled malformed\nYMSG messages in the Yahoo! protocol handler. A remote attacker could\nsend a specially crafted message and cause Pidgin to crash, leading to\na denial of service. This issue only affected Ubuntu 10.04 LTS and\n10.10. (CVE-2011-1091)\n\nMarius Wachtler discovered that Pidgin incorrectly handled HTTP 100\nresponses in the MSN protocol handler. A remote attacker could send a\nspecially crafted message and cause Pidgin to crash, leading to a\ndenial of service. (CVE-2011-3184)\n\nDiego Bauche Madero discovered that Pidgin incorrectly handled UTF-8\nsequences in the SILC protocol handler. A remote attacker could send a\nspecially crafted message and cause Pidgin to crash, leading to a\ndenial of service. (CVE-2011-3594).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1273-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"pidgin\", pkgver:\"1:2.6.6-1ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"pidgin\", pkgver:\"1:2.7.3-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"pidgin\", pkgver:\"1:2.7.11-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:19:06", "bulletinFamily": "scanner", "description": "This update fixes the following security issues :\n\n - 722199: libpurple vulnerability in SILC protocol\n handling (CVE-2011-3594)", "modified": "2018-11-10T00:00:00", "published": "2014-06-13T00:00:00", "id": "SUSE_11_4_FINCH-111128.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75829", "title": "openSUSE Security Update : finch (openSUSE-SU-2011:1291-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update finch-5485.\n#\n# The text 
description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75829);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2011-3594\");\n\n script_name(english:\"openSUSE Security Update : finch (openSUSE-SU-2011:1291-1)\");\n script_summary(english:\"Check for the finch-5485 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - 722199: libpurple vulnerability in SILC protocol\n handling (CVE-2011-3594)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-12/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected finch packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-meanwhile\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libpurple-meanwhile-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-tcl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-evolution-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"finch-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"finch-debuginfo-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"finch-devel-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-debuginfo-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-devel-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-lang-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-meanwhile-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-meanwhile-debuginfo-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-tcl-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-tcl-debuginfo-2.7.10-4.5.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", reference:\"pidgin-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pidgin-debuginfo-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pidgin-debugsource-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pidgin-devel-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pidgin-evolution-2.7.10-4.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pidgin-evolution-debuginfo-2.7.10-4.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-lang / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:18:57", "bulletinFamily": "scanner", "description": "This update fixes the following security issues :\n\n - 722199: libpurple vulnerability in SILC protocol\n handling (CVE-2011-3594)", "modified": "2018-11-10T00:00:00", "published": "2014-06-13T00:00:00", "id": "SUSE_11_3_FINCH-111128.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75489", "title": "openSUSE Security Update : finch (openSUSE-SU-2011:1291-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update finch-5485.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75489);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2011-3594\");\n\n script_name(english:\"openSUSE Security Update : finch 
(openSUSE-SU-2011:1291-1)\");\n script_summary(english:\"Check for the finch-5485 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - 722199: libpurple vulnerability in SILC protocol\n handling (CVE-2011-3594)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-12/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected finch packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-meanwhile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2011/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"finch-2.7.9-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"finch-devel-2.7.9-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libpurple-2.7.9-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libpurple-devel-2.7.9-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libpurple-lang-2.7.9-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libpurple-meanwhile-2.7.9-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libpurple-mono-2.7.9-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libpurple-tcl-2.7.9-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", 
reference:\"pidgin-2.7.9-1.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"pidgin-devel-2.7.9-1.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-lang / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:40:43", "bulletinFamily": "scanner", "description": "specially crafted SILC messages could crash libpurple (CVE-2011-3594)", "modified": "2014-06-13T00:00:00", "published": "2014-06-13T00:00:00", "id": "OPENSUSE-2011-35.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74523", "title": "openSUSE Security Update : pidgin (openSUSE-2011-35)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2011-35.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74523);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:53:55 $\");\n\n script_cve_id(\"CVE-2011-3594\");\n\n script_name(english:\"openSUSE Security Update : pidgin (openSUSE-2011-35)\");\n script_summary(english:\"Check for the openSUSE-2011-35 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"specially crafted SILC messages could crash libpurple (CVE-2011-3594)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-meanwhile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-meanwhile-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-tcl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-evolution-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"finch-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"finch-debuginfo-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"finch-devel-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-branding-upstream-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-debuginfo-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-devel-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-lang-2.10.0-8.3.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.1\", reference:\"libpurple-meanwhile-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-meanwhile-debuginfo-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-tcl-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-tcl-debuginfo-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-debuginfo-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-debugsource-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-devel-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-evolution-2.10.0-8.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-evolution-debuginfo-2.10.0-8.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-debuginfo / finch-devel / libpurple / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:11:53", "bulletinFamily": "scanner", "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2,\n13.0, 13.1, and -current to fix security issues.", "modified": "2018-08-09T00:00:00", "published": "2011-03-14T00:00:00", "id": "SLACKWARE_SSA_2011-070-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=52636", "title": "Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : pidgin (SSA:2011-070-02)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# 
extracted from Slackware Security Advisory 2011-070-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52636);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/08/09 17:06:37\");\n\n script_cve_id(\"CVE-2011-1091\");\n script_xref(name:\"SSA\", value:\"2011-070-02\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : pidgin (SSA:2011-070-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New pidgin packages are available for Slackware 12.0, 12.1, 12.2,\n13.0, 13.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7d8be63\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"pidgin\", pkgver:\"2.7.11\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"pidgin\", pkgver:\"2.7.11\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"pidgin\", pkgver:\"2.7.11\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"pidgin\", pkgver:\"2.7.11\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"pidgin\", pkgver:\"2.7.11\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"pidgin\", pkgver:\"2.7.11\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"pidgin\", 
pkgver:\"2.7.11\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"pidgin\", pkgver:\"2.7.11\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"pidgin\", pkgver:\"2.7.11\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:14:25", "bulletinFamily": "scanner", "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nMultiple NULL pointer dereference flaws were found in the way the\nPidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG\npackets. A remote attacker could use these flaws to crash Pidgin via a\nspecially crafted notification message. (CVE-2011-1091)\n\nRed Hat would like to thank the Pidgin project for reporting these\nissues. Upstream acknowledges Marius Wachtler as the original\nreporter.\n\nThis update also fixes the following bugs :\n\n - Previous versions of the pidgin package did not properly\n clear certain data structures used in libpurple/cipher.c\n when attempting to free them. Partial information could\n potentially be extracted from the incorrectly cleared\n regions of the previously freed memory. With this\n update, data structures are properly cleared when freed.\n (BZ#684685)\n\n - This erratum upgrades Pidgin to upstream version 2.7.9.\n For a list of all changes addressed in this upgrade,\n refer to http://developer.pidgin.im/wiki/ChangeLog\n (BZ#616917)\n\n - Some incomplete translations for the kn_IN and ta_IN\n locales have been corrected. 
(BZ#633860, BZ#640170)\n\nUsers of pidgin should upgrade to these updated packages, which\nresolve these issues. Pidgin must be restarted for this update to take\neffect.", "modified": "2018-12-31T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20110519_PIDGIN_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61045", "title": "Scientific Linux Security Update : pidgin on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61045);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2011-1091\");\n\n script_name(english:\"Scientific Linux Security Update : pidgin on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nMultiple NULL pointer dereference flaws were found in the way the\nPidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG\npackets. A remote attacker could use these flaws to crash Pidgin via a\nspecially crafted notification message. (CVE-2011-1091)\n\nRed Hat would like to thank the Pidgin project for reporting these\nissues. Upstream acknowledges Marius Wachtler as the original\nreporter.\n\nThis update also fixes the following bugs :\n\n - Previous versions of the pidgin package did not properly\n clear certain data structures used in libpurple/cipher.c\n when attempting to free them. Partial information could\n potentially be extracted from the incorrectly cleared\n regions of the previously freed memory. 
With this\n update, data structures are properly cleared when freed.\n (BZ#684685)\n\n - This erratum upgrades Pidgin to upstream version 2.7.9.\n For a list of all changes addressed in this upgrade,\n refer to http://developer.pidgin.im/wiki/ChangeLog\n (BZ#616917)\n\n - Some incomplete translations for the kn_IN and ta_IN\n locales have been corrected. (BZ#633860, BZ#640170)\n\nUsers of pidgin should upgrade to these updated packages, which\nresolve these issues. Pidgin must be restarted for this update to take\neffect.\"\n );\n # http://developer.pidgin.im/wiki/ChangeLog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.pidgin.im/wiki/ChangeLog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=616917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=633860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=640170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=684685\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=187\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68e03bb8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"finch-2.7.9-3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"finch-devel-2.7.9-3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libpurple-2.7.9-3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libpurple-devel-2.7.9-3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libpurple-perl-2.7.9-3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libpurple-tcl-2.7.9-3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pidgin-2.7.9-3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pidgin-debuginfo-2.7.9-3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pidgin-devel-2.7.9-3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pidgin-docs-2.7.9-3.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pidgin-perl-2.7.9-3.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", 
"cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-27T10:55:16", "bulletinFamily": "scanner", "description": "Check for the Version of pidgin", "modified": "2017-07-12T00:00:00", "published": "2011-10-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870500", "id": "OPENVAS:870500", "title": "RedHat Update for pidgin RHSA-2011:1371-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for pidgin RHSA-2011:1371-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n An input sanitization flaw was found in the way the Pidgin SILC (Secure\n Internet Live Conferencing) protocol plug-in escaped certain UTF-8\n characters. A remote attacker could use this flaw to crash Pidgin via a\n specially-crafted SILC message. 
(CVE-2011-3594)\n \n Multiple NULL pointer dereference flaws were found in the way the Pidgin\n Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote\n attacker could use these flaws to crash Pidgin via a specially-crafted\n notification message. (CVE-2011-1091)\n \n Red Hat would like to thank the Pidgin project for reporting CVE-2011-1091.\n Upstream acknowledges Marius Wachtler as the original reporter of\n CVE-2011-1091.\n \n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Pidgin must be restarted for\n this update to take effect.\";\n\ntag_affected = \"pidgin on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-October/msg00007.html\");\n script_id(870500);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1371-01\");\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3594\");\n script_name(\"RedHat Update for pidgin RHSA-2011:1371-01\");\n\n script_summary(\"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-debuginfo\", rpm:\"pidgin-debuginfo~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": 
{"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:18:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2011-10-14T00:00:00", "id": "OPENVAS:1361412562310870500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870500", "title": "RedHat Update for pidgin RHSA-2011:1371-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for pidgin RHSA-2011:1371-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-October/msg00007.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870500\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1371-01\");\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3594\");\n script_name(\"RedHat Update for pidgin RHSA-2011:1371-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pidgin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_4\");\n script_tag(name:\"affected\", value:\"pidgin on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n An input sanitization flaw was 
found in the way the Pidgin SILC (Secure\n Internet Live Conferencing) protocol plug-in escaped certain UTF-8\n characters. A remote attacker could use this flaw to crash Pidgin via a\n specially-crafted SILC message. (CVE-2011-3594)\n\n Multiple NULL pointer dereference flaws were found in the way the Pidgin\n Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote\n attacker could use these flaws to crash Pidgin via a specially-crafted\n notification message. (CVE-2011-1091)\n\n Red Hat would like to thank the Pidgin project for reporting CVE-2011-1091.\n Upstream acknowledges Marius Wachtler as the original reporter of\n CVE-2011-1091.\n\n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Pidgin must be restarted for\n this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", 
rpm:\"libpurple-tcl~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-debuginfo\", rpm:\"pidgin-debuginfo~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~7.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:03:28", "bulletinFamily": "scanner", "description": "Check for the Version of finch", "modified": "2018-04-06T00:00:00", "published": "2011-10-18T00:00:00", "id": "OPENVAS:1361412562310881019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881019", "title": "CentOS Update for finch CESA-2011:1371 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2011:1371 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n An input sanitization flaw was found in the way the Pidgin SILC (Secure\n Internet Live Conferencing) protocol plug-in escaped certain UTF-8\n characters. A remote attacker could use this flaw to crash Pidgin via a\n specially-crafted SILC message. (CVE-2011-3594)\n \n Multiple NULL pointer dereference flaws were found in the way the Pidgin\n Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote\n attacker could use these flaws to crash Pidgin via a specially-crafted\n notification message. (CVE-2011-1091)\n \n Red Hat would like to thank the Pidgin project for reporting CVE-2011-1091.\n Upstream acknowledges Marius Wachtler as the original reporter of\n CVE-2011-1091.\n \n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. 
Pidgin must be restarted for\n this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"finch on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-October/018105.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881019\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-18 15:48:35 +0200 (Tue, 18 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1371\");\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3594\");\n script_name(\"CentOS Update for finch CESA-2011:1371 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of finch\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:24", "bulletinFamily": "scanner", "description": "Check for the Version of finch", "modified": "2017-07-10T00:00:00", "published": "2011-11-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881039", "id": "OPENVAS:881039", "title": "CentOS Update for finch CESA-2011:1371 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2011:1371 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n An input sanitization flaw was found in the way the Pidgin SILC (Secure\n Internet Live Conferencing) protocol plug-in escaped certain UTF-8\n characters. A remote attacker could use this flaw to crash Pidgin via a\n specially-crafted SILC message. (CVE-2011-3594)\n\n Multiple NULL pointer dereference flaws were found in the way the Pidgin\n Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote\n attacker could use these flaws to crash Pidgin via a specially-crafted\n notification message. (CVE-2011-1091)\n\n Red Hat would like to thank the Pidgin project for reporting CVE-2011-1091.\n Upstream acknowledges Marius Wachtler as the original reporter of\n CVE-2011-1091.\n\n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. 
Pidgin must be restarted for\n this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"finch on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018163.html\");\n script_id(881039);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:54:43 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1371\");\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3594\");\n script_name(\"CentOS Update for finch CESA-2011:1371 centos4 i386\");\n\n script_summary(\"Check for the Version of finch\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:02:44", "bulletinFamily": "scanner", "description": "Check for the Version of finch", "modified": "2018-04-06T00:00:00", "published": "2011-11-11T00:00:00", "id": "OPENVAS:1361412562310881039", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881039", "title": "CentOS Update for finch CESA-2011:1371 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2011:1371 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n An input sanitization flaw was found in the way the Pidgin SILC (Secure\n Internet Live Conferencing) protocol plug-in escaped certain UTF-8\n characters. A remote attacker could use this flaw to crash Pidgin via a\n specially-crafted SILC message. (CVE-2011-3594)\n\n Multiple NULL pointer dereference flaws were found in the way the Pidgin\n Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote\n attacker could use these flaws to crash Pidgin via a specially-crafted\n notification message. (CVE-2011-1091)\n\n Red Hat would like to thank the Pidgin project for reporting CVE-2011-1091.\n Upstream acknowledges Marius Wachtler as the original reporter of\n CVE-2011-1091.\n\n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. 
Pidgin must be restarted for\n this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"finch on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018163.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881039\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:54:43 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1371\");\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3594\");\n script_name(\"CentOS Update for finch CESA-2011:1371 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of finch\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:43", "bulletinFamily": "scanner", "description": "Check for the Version of finch", "modified": "2017-07-10T00:00:00", "published": "2011-10-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881019", "id": "OPENVAS:881019", "title": "CentOS Update for finch CESA-2011:1371 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2011:1371 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you 
can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n An input sanitization flaw was found in the way the Pidgin SILC (Secure\n Internet Live Conferencing) protocol plug-in escaped certain UTF-8\n characters. A remote attacker could use this flaw to crash Pidgin via a\n specially-crafted SILC message. (CVE-2011-3594)\n \n Multiple NULL pointer dereference flaws were found in the way the Pidgin\n Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote\n attacker could use these flaws to crash Pidgin via a specially-crafted\n notification message. (CVE-2011-1091)\n \n Red Hat would like to thank the Pidgin project for reporting CVE-2011-1091.\n Upstream acknowledges Marius Wachtler as the original reporter of\n CVE-2011-1091.\n \n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. 
Pidgin must be restarted for\n this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"finch on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-October/018105.html\");\n script_id(881019);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-18 15:48:35 +0200 (Tue, 18 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1371\");\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3594\");\n script_name(\"CentOS Update for finch CESA-2011:1371 centos5 i386\");\n\n script_summary(\"Check for the Version of finch\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:56:56", "bulletinFamily": "scanner", "description": "Check for the Version of finch", "modified": "2017-12-29T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881407", "id": "OPENVAS:881407", "title": "CentOS Update for finch CESA-2011:1371 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2011:1371 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n An input sanitization flaw was found in the way the Pidgin SILC (Secure\n Internet Live Conferencing) protocol plug-in escaped certain UTF-8\n characters. A remote attacker could use this flaw to crash Pidgin via a\n specially-crafted SILC message. (CVE-2011-3594)\n \n Multiple NULL pointer dereference flaws were found in the way the Pidgin\n Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote\n attacker could use these flaws to crash Pidgin via a specially-crafted\n notification message. (CVE-2011-1091)\n \n Red Hat would like to thank the Pidgin project for reporting CVE-2011-1091.\n Upstream acknowledges Marius Wachtler as the original reporter of\n CVE-2011-1091.\n \n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. 
Pidgin must be restarted for\n this update to take effect.\";\n\ntag_affected = \"finch on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018164.html\");\n script_id(881407);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:48:31 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3594\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1371\");\n script_name(\"CentOS Update for finch CESA-2011:1371 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of finch\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:06:55", "bulletinFamily": "scanner", "description": "Check for the Version of finch", "modified": "2018-01-09T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881263", "id": "OPENVAS:881263", "title": "CentOS Update for finch CESA-2011:1371 centos5 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2011:1371 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it 
under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n An input sanitization flaw was found in the way the Pidgin SILC (Secure\n Internet Live Conferencing) protocol plug-in escaped certain UTF-8\n characters. A remote attacker could use this flaw to crash Pidgin via a\n specially-crafted SILC message. (CVE-2011-3594)\n \n Multiple NULL pointer dereference flaws were found in the way the Pidgin\n Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote\n attacker could use these flaws to crash Pidgin via a specially-crafted\n notification message. (CVE-2011-1091)\n \n Red Hat would like to thank the Pidgin project for reporting CVE-2011-1091.\n Upstream acknowledges Marius Wachtler as the original reporter of\n CVE-2011-1091.\n \n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. 
Pidgin must be restarted for\n this update to take effect.\";\n\ntag_affected = \"finch on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-October/018106.html\");\n script_id(881263);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:13:36 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3594\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1371\");\n script_name(\"CentOS Update for finch CESA-2011:1371 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of finch\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:01:15", "bulletinFamily": "scanner", "description": "Check for the Version of finch", "modified": "2018-04-06T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881407", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881407", "title": "CentOS Update for finch CESA-2011:1371 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2011:1371 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n An input sanitization flaw was found in the way the Pidgin SILC (Secure\n Internet Live Conferencing) protocol plug-in escaped certain UTF-8\n characters. A remote attacker could use this flaw to crash Pidgin via a\n specially-crafted SILC message. (CVE-2011-3594)\n \n Multiple NULL pointer dereference flaws were found in the way the Pidgin\n Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote\n attacker could use these flaws to crash Pidgin via a specially-crafted\n notification message. (CVE-2011-1091)\n \n Red Hat would like to thank the Pidgin project for reporting CVE-2011-1091.\n Upstream acknowledges Marius Wachtler as the original reporter of\n CVE-2011-1091.\n \n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. 
Pidgin must be restarted for\n this update to take effect.\";\n\ntag_affected = \"finch on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018164.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881407\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:48:31 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3594\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1371\");\n script_name(\"CentOS Update for finch CESA-2011:1371 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of finch\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~7.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:58:39", "bulletinFamily": "scanner", "description": "Check for the Version of finch", "modified": "2018-04-06T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881263", "title": "CentOS Update for finch CESA-2011:1371 centos5 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2011:1371 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n An input sanitization flaw was found in the way the Pidgin SILC (Secure\n Internet Live Conferencing) protocol plug-in escaped certain UTF-8\n characters. A remote attacker could use this flaw to crash Pidgin via a\n specially-crafted SILC message. (CVE-2011-3594)\n \n Multiple NULL pointer dereference flaws were found in the way the Pidgin\n Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote\n attacker could use these flaws to crash Pidgin via a specially-crafted\n notification message. (CVE-2011-1091)\n \n Red Hat would like to thank the Pidgin project for reporting CVE-2011-1091.\n Upstream acknowledges Marius Wachtler as the original reporter of\n CVE-2011-1091.\n \n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. 
Pidgin must be restarted for\n this update to take effect.\";\n\ntag_affected = \"finch on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-October/018106.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881263\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:13:36 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-1091\", \"CVE-2011-3594\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:1371\");\n script_name(\"CentOS Update for finch CESA-2011:1371 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of finch\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~5.el5_7.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:42:01", "bulletinFamily": "unix", "description": "[2.6.6-7]\n- Add patch for CVE-2011-3594 (RH bug #743798).\n[2.6.6-6]\n- Add patch for CVE-2011-1091 (RH bug #743798).", "modified": "2011-10-14T00:00:00", "published": "2011-10-14T00:00:00", "id": "ELSA-2011-1371", "href": "http://linux.oracle.com/errata/ELSA-2011-1371.html", "title": "pidgin security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:39:13", "bulletinFamily": "unix", "description": "[2.7.9-3.el6]\n- Add patch for RH bug #684685 (zero-out crypto keys before 
freeing).\n[2.7.9-2.el6]\n- Add patch for CVE-2011-1091 (RH bug #683031).\n[2.7.9-1.el6]\n- Update to 2.7.9 (RH bug #616917).\n- Remove patches now included upstream:\n pidgin-2.6.6-clientLogin-proxy-fix.patch\n pidgin-2.6.6-clientLogin-use-https.patch\n pidgin-2.6.6-CVE-2010-1624.patch\n pidgin-2.6.6-CVE-2010-3711.patch\n- Disable the translation updates patch. It doesn't apply anymore and\n will have to be redone. Saving the patch for now in case some parts\n are still useful to translators.", "modified": "2011-05-28T00:00:00", "published": "2011-05-28T00:00:00", "id": "ELSA-2011-0616", "href": "http://linux.oracle.com/errata/ELSA-2011-0616.html", "title": "pidgin security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:24:26", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:1371\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way the Pidgin SILC (Secure\nInternet Live Conferencing) protocol plug-in escaped certain UTF-8\ncharacters. A remote attacker could use this flaw to crash Pidgin via a\nspecially-crafted SILC message. (CVE-2011-3594)\n\nMultiple NULL pointer dereference flaws were found in the way the Pidgin\nYahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote\nattacker could use these flaws to crash Pidgin via a specially-crafted\nnotification message. (CVE-2011-1091)\n\nRed Hat would like to thank the Pidgin project for reporting CVE-2011-1091.\nUpstream acknowledges Marius Wachtler as the original reporter of\nCVE-2011-1091.\n\nAll Pidgin users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. 
Pidgin must be restarted for\nthis update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018163.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018164.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-October/018105.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-October/018106.html\n\n**Affected packages:**\nfinch\nfinch-devel\nlibpurple\nlibpurple-devel\nlibpurple-perl\nlibpurple-tcl\npidgin\npidgin-devel\npidgin-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1371.html", "modified": "2011-11-09T15:45:10", "published": "2011-10-14T14:48:12", "href": "http://lists.centos.org/pipermail/centos-announce/2011-October/018105.html", "id": "CESA-2011:1371", "title": "finch, libpurple, pidgin security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "description": "==========================================================================\r\nUbuntu Security Notice USN-1273-1\r\nNovember 21, 2011\r\n\r\npidgin vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nPidgin could be made to crash if it received specially crafted network\r\ntraffic.\r\n\r\nSoftware Description:\r\n- pidgin: multi-protocol instant messaging client\r\n\r\nDetails:\r\n\r\nMarius Wachtler discovered that Pidgin incorrectly handled malformed YMSG\r\nmessages in the Yahoo! protocol handler. A remote attacker could send a\r\nspecially crafted message and cause Pidgin to crash, leading to a denial\r\nof service. 
This issue only affected Ubuntu 10.04 LTS and 10.10.\r\n(CVE-2011-1091)\r\n\r\nMarius Wachtler discovered that Pidgin incorrectly handled HTTP 100\r\nresponses in the MSN protocol handler. A remote attacker could send a\r\nspecially crafted message and cause Pidgin to crash, leading to a denial\r\nof service. (CVE-2011-3184)\r\n\r\nDiego Bauche Madero discovered that Pidgin incorrectly handled UTF-8\r\nsequences in the SILC protocol handler. A remote attacker could send a\r\nspecially crafted message and cause Pidgin to crash, leading to a denial\r\nof service. (CVE-2011-3594)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n pidgin 1:2.7.11-1ubuntu2.1\r\n\r\nUbuntu 10.10:\r\n pidgin 1:2.7.3-1ubuntu3.3\r\n\r\nUbuntu 10.04 LTS:\r\n pidgin 1:2.6.6-1ubuntu4.4\r\n\r\nAfter a standard system update you need to restart Pidgin to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1273-1\r\n CVE-2011-1091, CVE-2011-3184, CVE-2011-3594\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/pidgin/1:2.7.11-1ubuntu2.1\r\n https://launchpad.net/ubuntu/+source/pidgin/1:2.7.3-1ubuntu3.3\r\n https://launchpad.net/ubuntu/+source/pidgin/1:2.6.6-1ubuntu4.4\r\n", "modified": "2011-11-27T00:00:00", "published": "2011-11-27T00:00:00", "id": "SECURITYVULNS:DOC:27382", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27382", "title": "[USN-1273-1] Pidgin vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2011:183\r\n http://www.mandriva.com/security/\r\n 
_______________________________________________________________________\r\n\r\n Package : pidgin\r\n Date : December 10, 2011\r\n Affected: 2010.1, 2011., Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities have been discovered and corrected in pidgin:\r\n \r\n When receiving various stanzas related to voice and video chat,\r\n the XMPP protocol plugin failed to ensure that the incoming message\r\n contained all required fields, and would crash if certain fields\r\n were missing.\r\n \r\n When receiving various messages related to requesting or receiving\r\n authorization for adding a buddy to a buddy list, the oscar protocol\r\n plugin failed to validate that a piece of text was UTF-8. In some\r\n cases invalid UTF-8 data would lead to a crash (CVE-2011-4601).\r\n \r\n When receiving various incoming messages, the SILC protocol plugin\r\n failed to validate that a piece of text was UTF-8. 
In some cases\r\n invalid UTF-8 data would lead to a crash (CVE-2011-3594).\r\n \r\n This update provides pidgin 2.10.1, which is not vulnerable to\r\n these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4601\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3594\r\n http://www.pidgin.im/news/security/\r\n http://pidgin.im/news/security/?id=56\r\n http://pidgin.im/news/security/?id=57\r\n http://pidgin.im/news/security/?id=58\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFO48eXmqjQ0CJFipgRAi1zAJ9XZyr4ewcx6I07V7lmlYNcx4Op+gCdF0nv\r\nqxwMoDXEu1edILl3CkSnFvQ=\r\n=Bho6\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2011-12-19T00:00:00", "published": "2011-12-19T00:00:00", "id": "SECURITYVULNS:DOC:27467", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27467", "title": "[ MDVSA-2011:183 ] pidgin", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:45", "bulletinFamily": "software", "description": "Crash on SILC protocol parsing, crash on OSCAR parsing (AIM, ICQ).", "modified": "2011-12-19T00:00:00", "published": "2011-12-19T00:00:00", "id": "SECURITYVULNS:VULN:12062", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12062", "title": "libpurple / Pidgin DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:53", "bulletinFamily": "unix", "description": "Marius Wachtler discovered that Pidgin incorrectly handled malformed YMSG messages in the Yahoo! protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. 
(CVE-2011-1091)\n\nMarius Wachtler discovered that Pidgin incorrectly handled HTTP 100 responses in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2011-3184)\n\nDiego Bauche Madero discovered that Pidgin incorrectly handled UTF-8 sequences in the SILC protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2011-3594)", "modified": "2011-11-21T00:00:00", "published": "2011-11-21T00:00:00", "id": "USN-1273-1", "href": "https://usn.ubuntu.com/1273-1/", "title": "Pidgin vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T17:57:35", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 49912\r\nCVE ID: CVE-2011-3594\r\n\r\nPidgin is an instant messaging client that supports multiple protocols.\r\n\r\nThe g_markup_escape_text function in the SILC protocol plug-in of libpurple 2.10.0 and earlier, as used in Pidgin, allows remote attackers to cause a denial of service via invalid UTF-8 sequences.\n\nPidgin 2.10.0\nVendor patch:\r\n\r\nPidgin\r\n------\r\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://pidgin.im/pidgin/home/", "modified": "2011-11-22T00:00:00", "published": "2011-11-22T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-24236", "id": "SSV:24236", "type": "seebug", "title": "Pidgin \"silc_private_message()\" denial of service vulnerability", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:41:20", "bulletinFamily": "unix", "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nMultiple NULL pointer dereference flaws were found in the way the Pidgin\nYahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote\nattacker could use these flaws to crash Pidgin via a specially-crafted\nnotification message. (CVE-2011-1091)\n\nRed Hat would like to thank the Pidgin project for reporting these issues.\nUpstream acknowledges Marius Wachtler as the original reporter.\n\nThis update also fixes the following bugs:\n\n* Previous versions of the pidgin package did not properly clear certain\ndata structures used in libpurple/cipher.c when attempting to free them.\nPartial information could potentially be extracted from the incorrectly\ncleared regions of the previously freed memory. With this update, data\nstructures are properly cleared when freed. (BZ#684685)\n\n* This erratum upgrades Pidgin to upstream version 2.7.9. For a list of all\nchanges addressed in this upgrade, refer to\nhttp://developer.pidgin.im/wiki/ChangeLog (BZ#616917)\n\n* Some incomplete translations for the kn_IN and ta_IN locales have been\ncorrected. (BZ#633860, BZ#640170)\n\nUsers of pidgin should upgrade to these updated packages, which resolve\nthese issues. 
Pidgin must be restarted for this update to take effect.\n", "modified": "2018-06-06T20:24:13", "published": "2011-05-19T04:00:00", "id": "RHSA-2011:0616", "href": "https://access.redhat.com/errata/RHSA-2011:0616", "type": "redhat", "title": "(RHSA-2011:0616) Low: pidgin security and bug fix update", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T02:37:12", "bulletinFamily": "unix", "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 13.1 ChangeLog:\n\npatches/packages/pidgin-2.7.11-i486-1_slack13.1.txz: Upgraded.\n Fixed denials of service caused by NULL pointer dereferences due to\n improper handling of malformed YMSG packets.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1091\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.7.11-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/pidgin-2.7.11-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.7.11-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/pidgin-2.7.11-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/pidgin-2.7.11-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/pidgin-2.7.11-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/pidgin-2.7.11-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.7.11-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.7.11-x86_64-1.txz\n\n\nMD5 signatures:\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg pidgin-2.7.11-i486-1_slack13.1.txz", "modified": "2011-03-11T20:02:45", "published": "2011-03-11T20:02:45", "id": "SSA-2011-070-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884", "title": "pidgin", "type": "slackware", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:34", "bulletinFamily": "unix", "description": "### Background\n\nPidgin is a GTK Instant Messenger client.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThese vulnerabilities allow for arbitrary file retrieval, Denial of Service and arbitrary code execution with the privileges of the user running Pidgin. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Pidgin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/pidgin-2.10.0-r1\"", "modified": "2012-06-21T00:00:00", "published": "2012-06-21T00:00:00", "id": "GLSA-201206-11", "href": "https://security.gentoo.org/glsa/201206-11", "type": "gentoo", "title": "Pidgin: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}