Red Hat Local Security Checks : RedHat Update for pidgin RHSA-2012:1102-01

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.870795

Kategorie: Red Hat Local Security Checks

Titel: RedHat Update for pidgin RHSA-2012:1102-01

Zusammenfassung: The remote host is missing an update for the 'pidgin'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'pidgin'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

A flaw was found in the way the Pidgin MSN protocol plug-in processed text
that was not encoded in UTF-8. A remote attacker could use this flaw to
crash Pidgin by sending a specially-crafted MSN message. (CVE-2012-1178)

An input validation flaw was found in the way the Pidgin MSN protocol
plug-in handled MSN notification messages. A malicious server or a remote
attacker could use this flaw to crash Pidgin by sending a specially-crafted
MSN notification message. (CVE-2012-2318)

A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A
remote attacker could use this flaw to crash Pidgin by sending a MXit
message containing specially-crafted emoticon tags. (CVE-2012-3374)

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

Affected Software/OS:
pidgin on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-1178
BugTraq ID: 52475
http://www.securityfocus.com/bid/52475
http://www.mandriva.com/security/advisories?name=MDVSA-2012:029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18019
RedHat Security Advisories: RHSA-2012:1102
http://rhn.redhat.com/errata/RHSA-2012-1102.html
http://secunia.com/advisories/50005
Common Vulnerability Exposure (CVE) ID: CVE-2012-2318
BugTraq ID: 53400
http://www.securityfocus.com/bid/53400
http://www.mandriva.com/security/advisories?name=MDVSA-2012:082
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17448
SuSE Security Announcement: openSUSE-SU-2012:0866 (Google Search)
https://hermes.opensuse.org/messages/15136503
Common Vulnerability Exposure (CVE) ID: CVE-2012-3374
http://www.mandriva.com/security/advisories?name=MDVSA-2012:105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17678
SuSE Security Announcement: SUSE-SU-2012:0890 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00009.html

Copyright Copyright (c) 2012 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.870795
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Update for pidgin RHSA-2012:1102-01
Zusammenfassung:	The remote host is missing an update for the 'pidgin'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'pidgin' package(s) announced via the referenced advisory. Vulnerability Insight: Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN message. (CVE-2012-1178) An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN notification message. (CVE-2012-2318) A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A remote attacker could use this flaw to crash Pidgin by sending a MXit message containing specially-crafted emoticon tags. (CVE-2012-3374) All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect. Affected Software/OS: pidgin on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1178 BugTraq ID: 52475 http://www.securityfocus.com/bid/52475 http://www.mandriva.com/security/advisories?name=MDVSA-2012:029 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18019 RedHat Security Advisories: RHSA-2012:1102 http://rhn.redhat.com/errata/RHSA-2012-1102.html http://secunia.com/advisories/50005 Common Vulnerability Exposure (CVE) ID: CVE-2012-2318 BugTraq ID: 53400 http://www.securityfocus.com/bid/53400 http://www.mandriva.com/security/advisories?name=MDVSA-2012:082 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17448 SuSE Security Announcement: openSUSE-SU-2012:0866 (Google Search) https://hermes.opensuse.org/messages/15136503 Common Vulnerability Exposure (CVE) ID: CVE-2012-3374 http://www.mandriva.com/security/advisories?name=MDVSA-2012:105 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17678 SuSE Security Announcement: SUSE-SU-2012:0890 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00009.html
Copyright	Copyright (c) 2012 Greenbone Networks GmbH