This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
CVE-2010-0277 pidgin MSN protocol plugin memory corruption
CVE-2010-0420 pidgin: Finch XMPP MUC Crash
CVE-2010-0423 pidgin: Smiley Denial of Service
An input sanitization flaw was found in the way Pidgin's MSN protocol
implementation handled MSNSLP invitations. A remote attacker could
send a specially crafted INVITE request that would cause a denial of
service (memory corruption and Pidgin crash). (CVE-2010-0277)
A denial of service flaw was found in Finch's XMPP chat
implementation, when using multi-user chat. If a Finch user in a
multi-user chat session were to change their nickname to contain the
HTML 'br' element, it would cause Finch to crash. (CVE-2010-0420)
A denial of service flaw was found in the way Pidgin processed
emoticon images. A remote attacker could flood the victim with
emoticon images during mutual communication, leading to excessive CPU
Pidgin must be restarted for this update to take effect.
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0