Security update for pidgin (important)

2013-03-0423:04:31

lists.opensuse.org

0.02 Low

EPSS

Percentile

87.6%

JSON

pidgin was updated to fix 4 security issues:

Fixed a crash when receiving UPnP responses with
abnormally long values. (CVE-2013-0274, bnc#804742)
Fixed a crash in Sametime protocol when a malicious
server sends us an abnormally long user ID. (CVE-2013-0273,
bnc#804742)
Fixed a bug where the MXit server or a
man-in-the-middle could potentially send specially crafted
data that could overflow a buffer and lead to a crash or
remote code execution.(CVE-2013-0272, bnc#804742)
Fixed a bug where a remote MXit user could possibly
specify a local file path to be written to. (CVE-2013-0271,
bnc#804742)

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Software Development Kit11.2i586libpurple< 2.6.6-0.19.1libpurple-2.6.6-0.19.1.i586.rpm
SUSE Linux Enterprise Software Development Kit11.2i586pidgin< 2.6.6-0.19.1pidgin-2.6.6-0.19.1.i586.rpm
SUSE Linux Enterprise Desktop10.4i586libpurple< 2.6.6-0.20.1libpurple-2.6.6-0.20.1.i586.rpm
SLE SDK10.4ia64pidgin< 2.6.6-0.20.1pidgin-2.6.6-0.20.1.ia64.rpm
SUSE Linux Enterprise Desktop11.2x86_64libpurple-meanwhile< 2.6.6-0.19.1libpurple-meanwhile-2.6.6-0.19.1.x86_64.rpm
SLE SDK10.4i586libpurple-devel< 2.6.6-0.20.1libpurple-devel-2.6.6-0.20.1.i586.rpm
SUSE Linux Enterprise Software Development Kit11.2x86_64pidgin-devel< 2.6.6-0.19.1pidgin-devel-2.6.6-0.19.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit11.2x86_64pidgin< 2.6.6-0.19.1pidgin-2.6.6-0.19.1.x86_64.rpm
SLE SDK10.4i586finch-devel< 2.6.6-0.20.1finch-devel-2.6.6-0.20.1.i586.rpm
SUSE Linux Enterprise Software Development Kit11.2x86_64libpurple-devel< 2.6.6-0.19.1libpurple-devel-2.6.6-0.19.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Software Development Kit	11.2	i586	libpurple	< 2.6.6-0.19.1	libpurple-2.6.6-0.19.1.i586.rpm
SUSE Linux Enterprise Software Development Kit	11.2	i586	pidgin	< 2.6.6-0.19.1	pidgin-2.6.6-0.19.1.i586.rpm
SUSE Linux Enterprise Desktop	10.4	i586	libpurple	< 2.6.6-0.20.1	libpurple-2.6.6-0.20.1.i586.rpm
SLE SDK	10.4	ia64	pidgin	< 2.6.6-0.20.1	pidgin-2.6.6-0.20.1.ia64.rpm
SUSE Linux Enterprise Desktop	11.2	x86_64	libpurple-meanwhile	< 2.6.6-0.19.1	libpurple-meanwhile-2.6.6-0.19.1.x86_64.rpm
SLE SDK	10.4	i586	libpurple-devel	< 2.6.6-0.20.1	libpurple-devel-2.6.6-0.20.1.i586.rpm
SUSE Linux Enterprise Software Development Kit	11.2	x86_64	pidgin-devel	< 2.6.6-0.19.1	pidgin-devel-2.6.6-0.19.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit	11.2	x86_64	pidgin	< 2.6.6-0.19.1	pidgin-2.6.6-0.19.1.x86_64.rpm
SLE SDK	10.4	i586	finch-devel	< 2.6.6-0.20.1	finch-devel-2.6.6-0.20.1.i586.rpm
SUSE Linux Enterprise Software Development Kit	11.2	x86_64	libpurple-devel	< 2.6.6-0.19.1	libpurple-devel-2.6.6-0.19.1.x86_64.rpm