CentOS Local Security Checks : CentOS Update for finch CESA-2009:1453 centos4 i386

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.880899

Categoría: CentOS Local Security Checks

Título: CentOS Update for finch CESA-2009:1453 centos4 i386

Resumen: The remote host is missing an update for the 'finch'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'finch'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously. Info/Query
(IQ) is an Extensible Messaging and Presence Protocol (XMPP) specific
request-response mechanism.

A NULL pointer dereference flaw was found in the way the Pidgin XMPP
protocol plug-in processes IQ error responses when trying to fetch a custom
smiley. A remote client could send a specially-crafted IQ error response
that would crash Pidgin. (CVE-2009-3085)

A NULL pointer dereference flaw was found in the way the Pidgin IRC
protocol plug-in handles IRC topics. A malicious IRC server could send a
specially-crafted IRC TOPIC message, which once received by Pidgin, would
lead to a denial of service (Pidgin crash). (CVE-2009-2703)

It was discovered that, when connecting to certain, very old Jabber servers
via XMPP, Pidgin may ignore the 'Require SSL/TLS' setting. In these
situations, a non-encrypted connection is established rather than the
connection failing, causing the user to believe they are using an encrypted
connection when they are not, leading to sensitive information disclosure
(session sniffing). (CVE-2009-3026)

A NULL pointer dereference flaw was found in the way the Pidgin MSN
protocol plug-in handles improper MSNSLP invitations. A remote attacker
could send a specially-crafted MSNSLP invitation request, which once
accepted by a valid Pidgin user, would lead to a denial of service (Pidgin
crash). (CVE-2009-3083)

These packages upgrade Pidgin to version 2.6.2. Refer to the linked Pidgin release
notes for a full list of changes.

All Pidgin users should upgrade to these updated packages, which correct
these issues. Pidgin must be restarted for this update to take effect.

Affected Software/OS:
finch on CentOS 4

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2703
BugTraq ID: 36277
http://www.securityfocus.com/bid/36277
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435
http://secunia.com/advisories/36601
Common Vulnerability Exposure (CVE) ID: CVE-2009-3026
BugTraq ID: 36368
http://www.securityfocus.com/bid/36368
http://www.openwall.com/lists/oss-security/2009/08/24/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757
http://secunia.com/advisories/37071
XForce ISS Database: pidgin-libpurple-weak-security(53000)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53000
Common Vulnerability Exposure (CVE) ID: CVE-2009-3083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322
Common Vulnerability Exposure (CVE) ID: CVE-2009-3085
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434

Copyright Copyright (c) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.880899
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for finch CESA-2009:1453 centos4 i386
Resumen:	The remote host is missing an update for the 'finch'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'finch' package(s) announced via the referenced advisory. Vulnerability Insight: Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Info/Query (IQ) is an Extensible Messaging and Presence Protocol (XMPP) specific request-response mechanism. A NULL pointer dereference flaw was found in the way the Pidgin XMPP protocol plug-in processes IQ error responses when trying to fetch a custom smiley. A remote client could send a specially-crafted IQ error response that would crash Pidgin. (CVE-2009-3085) A NULL pointer dereference flaw was found in the way the Pidgin IRC protocol plug-in handles IRC topics. A malicious IRC server could send a specially-crafted IRC TOPIC message, which once received by Pidgin, would lead to a denial of service (Pidgin crash). (CVE-2009-2703) It was discovered that, when connecting to certain, very old Jabber servers via XMPP, Pidgin may ignore the 'Require SSL/TLS' setting. In these situations, a non-encrypted connection is established rather than the connection failing, causing the user to believe they are using an encrypted connection when they are not, leading to sensitive information disclosure (session sniffing). (CVE-2009-3026) A NULL pointer dereference flaw was found in the way the Pidgin MSN protocol plug-in handles improper MSNSLP invitations. A remote attacker could send a specially-crafted MSNSLP invitation request, which once accepted by a valid Pidgin user, would lead to a denial of service (Pidgin crash). (CVE-2009-3083) These packages upgrade Pidgin to version 2.6.2. Refer to the linked Pidgin release notes for a full list of changes. All Pidgin users should upgrade to these updated packages, which correct these issues. Pidgin must be restarted for this update to take effect. Affected Software/OS: finch on CentOS 4 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2703 BugTraq ID: 36277 http://www.securityfocus.com/bid/36277 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435 http://secunia.com/advisories/36601 Common Vulnerability Exposure (CVE) ID: CVE-2009-3026 BugTraq ID: 36368 http://www.securityfocus.com/bid/36368 http://www.openwall.com/lists/oss-security/2009/08/24/2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757 http://secunia.com/advisories/37071 XForce ISS Database: pidgin-libpurple-weak-security(53000) https://exchange.xforce.ibmcloud.com/vulnerabilities/53000 Common Vulnerability Exposure (CVE) ID: CVE-2009-3083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322 Common Vulnerability Exposure (CVE) ID: CVE-2009-3085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434
Copyright	Copyright (c) 2011 Greenbone Networks GmbH