Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:050 (pidgin)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.69248

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:050 (pidgin)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to pidgin
announced via advisory MDVSA-2011:050.

Multiple vulnerabilities has been identified and fixed in pidgin:

It was discovered that libpurple versions prior to 2.7.10 do not
properly clear certain data structures used in libpurple/cipher.c
prior to freeing. An attacker could potentially extract partial
information from memory regions freed by libpurple.

The Yahoo protocol plugin in libpurple versions 2.6.0 through 2.7.10
do not properly handle malformed YMSG packets, leading to NULL pointer
dereferences and application crash (CVE-2011-1091).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

This update provides pidgin 2.7.11, which is not vulnerable to
these issues.

Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:050
http://pidgin.im/news/security/
http://www.pidgin.im/news/security/?id=50

Risk factor : Medium

CVSS Score:
4.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1091
BugTraq ID: 46837
http://www.securityfocus.com/bid/46837
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402
http://www.redhat.com/support/errata/RHSA-2011-0616.html
http://www.redhat.com/support/errata/RHSA-2011-1371.html
http://secunia.com/advisories/43695
http://secunia.com/advisories/43721
http://secunia.com/advisories/46376
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884
SuSE Security Announcement: openSUSE-SU-2012:0066 (Google Search)
https://hermes.opensuse.org/messages/13195955
http://www.vupen.com/english/advisories/2011/0643
http://www.vupen.com/english/advisories/2011/0661
http://www.vupen.com/english/advisories/2011/0669
http://www.vupen.com/english/advisories/2011/0703
XForce ISS Database: pidgin-yahoo-protocol-dos(66055)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66055

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.69248
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:050 (pidgin)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to pidgin announced via advisory MDVSA-2011:050. Multiple vulnerabilities has been identified and fixed in pidgin: It was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing. An attacker could potentially extract partial information from memory regions freed by libpurple. The Yahoo protocol plugin in libpurple versions 2.6.0 through 2.7.10 do not properly handle malformed YMSG packets, leading to NULL pointer dereferences and application crash (CVE-2011-1091). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 This update provides pidgin 2.7.11, which is not vulnerable to these issues. Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:050 http://pidgin.im/news/security/ http://www.pidgin.im/news/security/?id=50 Risk factor : Medium CVSS Score: 4.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1091 BugTraq ID: 46837 http://www.securityfocus.com/bid/46837 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055874.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056309.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18402 http://www.redhat.com/support/errata/RHSA-2011-0616.html http://www.redhat.com/support/errata/RHSA-2011-1371.html http://secunia.com/advisories/43695 http://secunia.com/advisories/43721 http://secunia.com/advisories/46376 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.466884 SuSE Security Announcement: openSUSE-SU-2012:0066 (Google Search) https://hermes.opensuse.org/messages/13195955 http://www.vupen.com/english/advisories/2011/0643 http://www.vupen.com/english/advisories/2011/0661 http://www.vupen.com/english/advisories/2011/0669 http://www.vupen.com/english/advisories/2011/0703 XForce ISS Database: pidgin-yahoo-protocol-dos(66055) https://exchange.xforce.ibmcloud.com/vulnerabilities/66055
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com