CentOS Local Security Checks : CentOS Update for finch CESA-2009:1218 centos5 i386

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.880666

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for finch CESA-2009:1218 centos5 i386

Zusammenfassung: The remote host is missing an update for the 'finch'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'finch'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

Federico Muttis of Core Security Technologies discovered a flaw in Pidgin's
MSN protocol handler. If a user received a malicious MSN message, it was
possible to execute arbitrary code with the permissions of the user running
Pidgin. (CVE-2009-2694)

Note: Users can change their privacy settings to only allow messages from
users on their buddy list to limit the impact of this flaw.

These packages upgrade Pidgin to version 2.5.9. Refer to the linked Pidgin release
notes for a full list of changes.

All Pidgin users should upgrade to these updated packages, which resolve
this issue. Pidgin must be restarted for this update to take effect.

Affected Software/OS:
finch on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-2694
Debian Security Information: DSA-1870 (Google Search)
http://www.debian.org/security/2009/dsa-1870
http://www.exploit-db.com/exploits/9615
http://www.coresecurity.com/content/libpurple-arbitrary-write
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320
RedHat Security Advisories: RHSA-2009:1218
https://rhn.redhat.com/errata/RHSA-2009-1218.html
http://secunia.com/advisories/36384
http://secunia.com/advisories/36392
http://secunia.com/advisories/36401
http://secunia.com/advisories/36402
http://secunia.com/advisories/36708
http://secunia.com/advisories/37071
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1
http://www.vupen.com/english/advisories/2009/2303
http://www.vupen.com/english/advisories/2009/2663

Copyright Copyright (c) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.880666
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for finch CESA-2009:1218 centos5 i386
Zusammenfassung:	The remote host is missing an update for the 'finch'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'finch' package(s) announced via the referenced advisory. Vulnerability Insight: Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Federico Muttis of Core Security Technologies discovered a flaw in Pidgin's MSN protocol handler. If a user received a malicious MSN message, it was possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-2694) Note: Users can change their privacy settings to only allow messages from users on their buddy list to limit the impact of this flaw. These packages upgrade Pidgin to version 2.5.9. Refer to the linked Pidgin release notes for a full list of changes. All Pidgin users should upgrade to these updated packages, which resolve this issue. Pidgin must be restarted for this update to take effect. Affected Software/OS: finch on CentOS 5 Solution: Please install the updated packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2694 Debian Security Information: DSA-1870 (Google Search) http://www.debian.org/security/2009/dsa-1870 http://www.exploit-db.com/exploits/9615 http://www.coresecurity.com/content/libpurple-arbitrary-write https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320 RedHat Security Advisories: RHSA-2009:1218 https://rhn.redhat.com/errata/RHSA-2009-1218.html http://secunia.com/advisories/36384 http://secunia.com/advisories/36392 http://secunia.com/advisories/36401 http://secunia.com/advisories/36402 http://secunia.com/advisories/36708 http://secunia.com/advisories/37071 http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1 http://www.vupen.com/english/advisories/2009/2303 http://www.vupen.com/english/advisories/2009/2663
Copyright	Copyright (c) 2011 Greenbone Networks GmbH