15 matches found
Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64
CVE-2009-3026 pidgin: ignores SSL/TLS requirements with old jabber servers CVE-2009-2703 Pidgin: NULL pointer dereference by handling IRC topics DoS CVE-2009-3083 Pidgin: NULL pointer dereference by processing incomplete MSN SLP invite DoS CVE-2009-3085 Pidgin: NULL pointer dereference by...
SuSE 10 Security Update : pidgin (ZYPP Patch Number 6709)
This update of pidgin fixes the following issues : - Allowed to send confidential data unencrypted even if SSL was chosen by user. CVE-2009-3026: CVSS v2 Base Score: 5.0 - Remote denial of service in yahoo IM plug-in. CVE-2009-3025: CVSS v2 Base Score: 4.3 - Remote denial of service in MSN plug-i...
SuSE 10 Security Update : pidgin (ZYPP Patch Number 6710)
This update of pidgin fixes the following issues : - Allowed to send confidential data unencrypted even if SSL was chosen by user. CVE-2009-3026: CVSS v2 Base Score: 5.0 - Remote denial of service in yahoo IM plug-in. CVE-2009-3025: CVSS v2 Base Score: 4.3 - Remote denial of service in MSN plug-i...
Ubuntu: Security Advisory (USN-886-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-886-1: Pidgin vulnerabilities
It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler. If a user were tricked into connecting to a malicious IRC server, an attacker could cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.1...
Mandriva Security Advisory MDVSA-2009:321 (pidgin)
The remote host is missing an update to pidgin announced via advisory MDVSA-2009:321. OpenVAS Vulnerability Test $Id: mdksa2009321.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:321 pidgin Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft In...
openSUSE Security Update : finch (finch-1625)
This update of pidgin fixes the following issues : - CVE-2009-3026: CVSS v2 Base Score: 5.0 Allowed to send confidential data unencrypted even if SSL was chosen by user. - CVE-2009-3025: CVSS v2 Base Score: 4.3 Remote denial of service in yahoo IM plug-in. - CVE-2009-3083: CVSS v2 Base Score: 5.0...
openSUSE Security Update : finch (finch-1625)
This update of pidgin fixes the following issues : - CVE-2009-3026: CVSS v2 Base Score: 5.0 Allowed to send confidential data unencrypted even if SSL was chosen by user. - CVE-2009-3025: CVSS v2 Base Score: 4.3 Remote denial of service in yahoo IM plug-in. - CVE-2009-3083: CVSS v2 Base Score: 5.0...
openSUSE Security Update : finch (finch-1625)
This update of pidgin fixes the following issues : - CVE-2009-3026: CVSS v2 Base Score: 5.0 Allowed to send confidential data unencrypted even if SSL was chosen by user. - CVE-2009-3025: CVSS v2 Base Score: 4.3 Remote denial of service in yahoo IM plug-in. - CVE-2009-3083: CVSS v2 Base Score: 5.0...
SLES11: Security update for pidgin
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: cdparanoia desktop-file-utils fam gnome-vfs2 gstreamer-010 libogg0 liboil More details may also be found by searching for the SuSE Enterprise Server 11 patch...
finch, libpurple, pidgin security update
CentOS Errata and Security Advisory CESA-2009:1453 Updated pidgin packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is an instant messaging...
Mandrake Security Advisory MDVSA-2009:230 (pidgin)
The remote host is missing an update to pidgin announced via advisory MDVSA-2009:230. OpenVAS Vulnerability Test $Id: mdksa2009230.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:230 pidgin Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft In...
CVE-2009-3026
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption an...
CVE-2009-3026
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption an...
CVE-2009-3026
CVE-2009-3026 concerns Pidgin (libpurple) up to version 2.6.0, where the XMPP/Jabber client may ignore the SSL/TLS requirement when connecting to very old Jabber servers. This behavior can establish a non‑encrypted session, enabling a remote attacker to sniff user conversations as described in th...