Risks
Advisories
Browse
or
or
SUSE Security Update - pidgin (SUSE-SU-2013:0388-1)
SUSE Security Update: Security update for pidgin
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0388-1
Rating:             important
References:         #804742
Cross-References:   CVE-2013-0271 CVE-2013-0272 CVE-2013-0273
                    CVE-2013-0274
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:


   pidgin was updated to fix 4 security issues:

   * Fixed a crash when receiving UPnP responses with
   abnormally long values. (CVE-2013-0274, bnc#804742)
   * Fixed a crash in Sametime protocol when a malicious
   server sends us an abnormally long user ID. (CVE-2013-0273,
   bnc#804742)
   * Fixed a bug where the MXit server or a
   man-in-the-middle could potentially send specially crafted
   data that could overflow a buffer and lead to a crash or
   remote code execution.(CVE-2013-0272, bnc#804742)
   * Fixed a bug where a remote MXit user could possibly
   specify a local file path to be written to. (CVE-2013-0271,
   bnc#804742)

   Security Issue references:

   * CVE-2013-0271
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0271
   >
   * CVE-2013-0272
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0272
   >
   * CVE-2013-0273
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0273
   >
   * CVE-2013-0274
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0274
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-finch-7429

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-finch-7429

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x
x86_64):

      finch-2.6.6-0.19.1
      finch-devel-2.6.6-0.19.1
      libpurple-2.6.6-0.19.1
      libpurple-devel-2.6.6-0.19.1
      libpurple-lang-2.6.6-0.19.1
      pidgin-2.6.6-0.19.1
      pidgin-devel-2.6.6-0.19.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      finch-2.6.6-0.19.1
      libpurple-2.6.6-0.19.1
      libpurple-lang-2.6.6-0.19.1
      libpurple-meanwhile-2.6.6-0.19.1
      libpurple-tcl-2.6.6-0.19.1
      pidgin-2.6.6-0.19.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      finch-2.6.6-0.20.1
      libpurple-2.6.6-0.20.1
      pidgin-2.6.6-0.20.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      finch-2.6.6-0.20.1
      finch-devel-2.6.6-0.20.1
      libpurple-2.6.6-0.20.1
      libpurple-devel-2.6.6-0.20.1
      pidgin-2.6.6-0.20.1
      pidgin-devel-2.6.6-0.20.1


References:

   http://support.novell.com/security/cve/CVE-2013-0271.html
   http://support.novell.com/security/cve/CVE-2013-0272.html
   http://support.novell.com/security/cve/CVE-2013-0273.html
   http://support.novell.com/security/cve/CVE-2013-0274.html
   https://bugzilla.novell.com/804742
  
http://download.novell.com/patch/finder/?keywords=18e124b7db8b5f6aa5744f916ed16466
   http://download.novell.com/patch/finder/?keywords=51b5f7c142afdeafafca33c1a4681683




Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Sep 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //