SUSE Security Update - pidgin (SUSE-SU-2013:0388-1)
SUSE Security Update: Security update for pidgin
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0388-1
Rating:             important
References:         #804742
Cross-References:   CVE-2013-0271 CVE-2013-0272 CVE-2013-0273
                    CVE-2013-0274
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:


   pidgin was updated to fix 4 security issues:

   * Fixed a crash when receiving UPnP responses with
   abnormally long values. (CVE-2013-0274, bnc#804742)
   * Fixed a crash in Sametime protocol when a malicious
   server sends us an abnormally long user ID. (CVE-2013-0273,
   bnc#804742)
   * Fixed a bug where the MXit server or a
   man-in-the-middle could potentially send specially crafted
   data that could overflow a buffer and lead to a crash or
   remote code execution. (CVE-2013-0272, bnc#804742)
   * Fixed a bug where a remote MXit user could possibly
   specify a local file path to be written to. (CVE-2013-0271,
   bnc#804742)

   Security Issue references:

   * CVE-2013-0271
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0271>
   * CVE-2013-0272
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0272>
   * CVE-2013-0273
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0273>
   * CVE-2013-0274
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0274>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-finch-7429

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-finch-7429

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      finch-2.6.6-0.19.1
      finch-devel-2.6.6-0.19.1
      libpurple-2.6.6-0.19.1
      libpurple-devel-2.6.6-0.19.1
      libpurple-lang-2.6.6-0.19.1
      pidgin-2.6.6-0.19.1
      pidgin-devel-2.6.6-0.19.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      finch-2.6.6-0.19.1
      libpurple-2.6.6-0.19.1
      libpurple-lang-2.6.6-0.19.1
      libpurple-meanwhile-2.6.6-0.19.1
      libpurple-tcl-2.6.6-0.19.1
      pidgin-2.6.6-0.19.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      finch-2.6.6-0.20.1
      libpurple-2.6.6-0.20.1
      pidgin-2.6.6-0.20.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      finch-2.6.6-0.20.1
      finch-devel-2.6.6-0.20.1
      libpurple-2.6.6-0.20.1
      libpurple-devel-2.6.6-0.20.1
      pidgin-2.6.6-0.20.1
      pidgin-devel-2.6.6-0.20.1
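
To confirm that a host carries the fixed builds listed above, the check below compares installed version-release strings against the advisory's package list. It is an added example, not part of the SUSE advisory; the function names, the product shorthand keys and the sample input are assumptions, and the comparison is a simplified form of rpm's version ordering.

```python
import re

# Fixed version-release per product line, from the advisory's package list.
# The keys are shorthand chosen for this example.
FIXED = {"11 SP2": "2.6.6-0.19.1", "10 SP4": "2.6.6-0.20.1"}
# Package names that appear in the advisory's package list.
AFFECTED = {"finch", "finch-devel", "libpurple", "libpurple-devel",
            "libpurple-lang", "libpurple-meanwhile", "libpurple-tcl",
            "pidgin", "pidgin-devel"}


def _cmp_part(a, b):
    """Simplified rpmvercmp: compare digit/letter runs; no '~' or '^' support."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run sorts above letters
        elif x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def cmp_vr(a, b):
    """Compare two 'version-release' strings (epoch assumed absent)."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)


def parse_rpm_query(text):
    r"""Parse lines of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'"""
    return dict(line.split() for line in text.splitlines() if line.strip())


def unpatched(installed, product):
    """Return affected packages older than the fixed build for `product`."""
    fixed = FIXED[product]
    return sorted(n for n, vr in installed.items()
                  if n in AFFECTED and cmp_vr(vr, fixed) < 0)


# Constructed sample query output, not taken from a real host.
SAMPLE = """\
pidgin 2.6.6-0.17.1
libpurple 2.6.6-0.19.1
finch 2.6.6-0.19.1
bash 3.2-147.9.13
"""

if __name__ == "__main__":
    print(unpatched(parse_rpm_query(SAMPLE), "11 SP2"))
```

An empty result for the host's product line means every listed package is at or above the fixed build.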


References:

   http://support.novell.com/security/cve/CVE-2013-0271.html
   http://support.novell.com/security/cve/CVE-2013-0272.html
   http://support.novell.com/security/cve/CVE-2013-0273.html
   http://support.novell.com/security/cve/CVE-2013-0274.html
   https://bugzilla.novell.com/804742
   http://download.novell.com/patch/finder/?keywords=18e124b7db8b5f6aa5744f916ed16466
   http://download.novell.com/patch/finder/?keywords=51b5f7c142afdeafafca33c1a4681683



