Test Kennung:	1.3.6.1.4.1.25623.1.0.880618
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for finch CESA-2010:0788 centos5 i386
Zusammenfassung:	The remote host is missing an update for the 'finch'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'finch' package(s) announced via the referenced advisory. Vulnerability Insight: Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidgin user was using the Yahoo! Messenger Protocol, MSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol plug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for authentication. (CVE-2010-3711) A NULL pointer dereference flaw was found in the way the Pidgin MSN protocol plug-in processed custom emoticon messages. A remote attacker could use this flaw to crash Pidgin by sending specially-crafted emoticon messages during mutual communication. (CVE-2010-1624) Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2010-3711, and Pierre Nogus of Meta Security as the original reporter of CVE-2010-1624. All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect. Affected Software/OS: finch on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1624 BugTraq ID: 40138 http://www.securityfocus.com/bid/40138 http://www.mandriva.com/security/advisories?name=MDVSA-2010:097 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18547 http://www.redhat.com/support/errata/RHSA-2010-0788.html http://secunia.com/advisories/39801 http://secunia.com/advisories/41899 http://www.ubuntu.com/usn/USN-1014-1 http://www.vupen.com/english/advisories/2010/1141 http://www.vupen.com/english/advisories/2010/2755 XForce ISS Database: pidgin-slp-packets-dos(58559) https://exchange.xforce.ibmcloud.com/vulnerabilities/58559 Common Vulnerability Exposure (CVE) ID: CVE-2010-3711 BugTraq ID: 44283 http://www.securityfocus.com/bid/44283 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050227.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050133.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:208 http://www.osvdb.org/68773 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18506 http://www.redhat.com/support/errata/RHSA-2010-0890.html http://securitytracker.com/id?1024623 http://secunia.com/advisories/41893 http://secunia.com/advisories/42075 http://secunia.com/advisories/42294 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462352 http://www.vupen.com/english/advisories/2010/2753 http://www.vupen.com/english/advisories/2010/2754 http://www.vupen.com/english/advisories/2010/2847 http://www.vupen.com/english/advisories/2010/2851 http://www.vupen.com/english/advisories/2010/2870 XForce ISS Database: pidgin-purplebase64decode-dos(62708) https://exchange.xforce.ibmcloud.com/vulnerabilities/62708
Copyright	Copyright (c) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.