Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:143 (pidgin)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61268

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:143 (pidgin)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to pidgin
announced via advisory MDVSA-2008:143.

An integer overflow flaw was found in Pidgin's MSN protocol handler
that could allow for the execution of arbitrary code if a user received
a malicious MSN message (CVE-2008-2927).

In addition, this update provides the ability to use ICQ networks
again on Mandriva Linux 2008.0, as in MDVA-2008:103 (updated pidgin
for 2008.1).

The updated packages have been patched to correct this issue.

Affected: 2008.0, 2008.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:143

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2927
BugTraq ID: 29956
http://www.securityfocus.com/bid/29956
Bugtraq: 20080625 Pidgin 2.4.1 Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/493682
Bugtraq: 20080806 rPSA-2008-0246-1 gaim (Google Search)
http://www.securityfocus.com/archive/1/495165/100/0/threaded
Bugtraq: 20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/495818/100/0/threaded
Debian Security Information: DSA-1610 (Google Search)
http://www.debian.org/security/2008/dsa-1610
http://www.mandriva.com/security/advisories?name=MDVSA-2008:143
http://www.mandriva.com/security/advisories?name=MDVSA-2009:127
http://www.zerodayinitiative.com/advisories/ZDI-08-054
http://www.openwall.com/lists/oss-security/2008/07/04/1
http://www.openwall.com/lists/oss-security/2008/07/03/6
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972
http://www.redhat.com/support/errata/RHSA-2008-0584.html
http://www.securitytracker.com/id?1020451
http://secunia.com/advisories/30971
http://secunia.com/advisories/31016
http://secunia.com/advisories/31105
http://secunia.com/advisories/31387
http://secunia.com/advisories/31642
http://secunia.com/advisories/32859
http://secunia.com/advisories/32861
http://www.ubuntu.com/usn/USN-675-1
http://www.ubuntu.com/usn/USN-675-2
http://www.vupen.com/english/advisories/2008/2032/references
XForce ISS Database: adium-msnprotocol-code-execution(44774)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44774

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61268
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:143 (pidgin)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to pidgin announced via advisory MDVSA-2008:143. An integer overflow flaw was found in Pidgin's MSN protocol handler that could allow for the execution of arbitrary code if a user received a malicious MSN message (CVE-2008-2927). In addition, this update provides the ability to use ICQ networks again on Mandriva Linux 2008.0, as in MDVA-2008:103 (updated pidgin for 2008.1). The updated packages have been patched to correct this issue. Affected: 2008.0, 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:143 Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2927 BugTraq ID: 29956 http://www.securityfocus.com/bid/29956 Bugtraq: 20080625 Pidgin 2.4.1 Vulnerability (Google Search) http://www.securityfocus.com/archive/1/493682 Bugtraq: 20080806 rPSA-2008-0246-1 gaim (Google Search) http://www.securityfocus.com/archive/1/495165/100/0/threaded Bugtraq: 20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/495818/100/0/threaded Debian Security Information: DSA-1610 (Google Search) http://www.debian.org/security/2008/dsa-1610 http://www.mandriva.com/security/advisories?name=MDVSA-2008:143 http://www.mandriva.com/security/advisories?name=MDVSA-2009:127 http://www.zerodayinitiative.com/advisories/ZDI-08-054 http://www.openwall.com/lists/oss-security/2008/07/04/1 http://www.openwall.com/lists/oss-security/2008/07/03/6 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972 http://www.redhat.com/support/errata/RHSA-2008-0584.html http://www.securitytracker.com/id?1020451 http://secunia.com/advisories/30971 http://secunia.com/advisories/31016 http://secunia.com/advisories/31105 http://secunia.com/advisories/31387 http://secunia.com/advisories/31642 http://secunia.com/advisories/32859 http://secunia.com/advisories/32861 http://www.ubuntu.com/usn/USN-675-1 http://www.ubuntu.com/usn/USN-675-2 http://www.vupen.com/english/advisories/2008/2032/references XForce ISS Database: adium-msnprotocol-code-execution(44774) https://exchange.xforce.ibmcloud.com/vulnerabilities/44774
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com