Test Kennung:	1.3.6.1.4.1.25623.1.0.67400
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 2038-2 (pidgin)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to pidgin announced via advisory DSA 2038-2. The packages for Pidgin released as DSA 2038-1 had a regression, as they unintentionally disabled the Zephyr instant messaging protocol. This update restores Zephyr functionality. For reference the original advisory text below. Several remote vulnerabilities have been discovered in Pidgin, a multi protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0420 Crafted nicknames in the XMPP protocol can crash Pidgin remotely. CVE-2010-0423 Remote contacts may send too many custom smilies, crashing Pidgin. Since a few months, Microsoft's servers for MSN have changed the protocol, making Pidgin non-functional for use with MSN. It is not feasible to port these changes to the version of Pidgin in Debian Lenny. This update formalises that situation by disabling the protocol in the client. Users of the MSN protocol are advised to use the version of Pidgin in the repositories of www.backports.org. For the stable distribution (lenny), these problems have been fixed in version 2.4.3-4lenny7. For the unstable distribution (sid), these problems have been fixed in version 2.6.6-1. We recommend that you upgrade your pidgin package. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%202038-2 CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0420 BugTraq ID: 38294 http://www.securityfocus.com/bid/38294 Debian Security Information: DSA-2038 (Google Search) http://www.debian.org/security/2010/dsa-2038 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:041 http://www.mandriva.com/security/advisories?name=MDVSA-2010:085 http://www.osvdb.org/62439 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11485 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18230 RedHat Security Advisories: RHSA-2010:0115 https://rhn.redhat.com/errata/RHSA-2010-0115.html http://secunia.com/advisories/38563 http://secunia.com/advisories/38640 http://secunia.com/advisories/38658 http://secunia.com/advisories/38712 http://secunia.com/advisories/38915 http://secunia.com/advisories/39509 SuSE Security Announcement: SUSE-SR:2010:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://www.ubuntu.com/usn/USN-902-1 http://www.vupen.com/english/advisories/2010/0413 http://www.vupen.com/english/advisories/2010/0914 http://www.vupen.com/english/advisories/2010/1020 XForce ISS Database: pidgin-xmpp-nickname-dos(56399) https://exchange.xforce.ibmcloud.com/vulnerabilities/56399 Common Vulnerability Exposure (CVE) ID: CVE-2010-0423 http://www.osvdb.org/62440 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17554 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9842 XForce ISS Database: pidgin-smileys-dos(56394) https://exchange.xforce.ibmcloud.com/vulnerabilities/56394
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.