SuSE 11 Security Update : pidgin (SAT Patch Number 1094)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

Several bugfixes were done for the Instant Messenger Pidgin :

- Malformed responses to file transfers could cause a
buffer overflow in pidgin (CVE-2009-1373) and specially
crafted packets could crash it. (CVE-2009-1375)

- The fix against integer overflows in the msn protocol
handling was incomplete. (CVE-2009-1376)

- Fixed misparsing ICQ message as SMS DoS (CVE-2009-1889,
Pidgin#9483). Also the Yahoo IM protocol was made to
work again.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=404163
https://bugzilla.novell.com/show_bug.cgi?id=503447
https://bugzilla.novell.com/show_bug.cgi?id=517786
https://bugzilla.novell.com/show_bug.cgi?id=518301
http://support.novell.com/security/cve/CVE-2009-1373.html
http://support.novell.com/security/cve/CVE-2009-1375.html
http://support.novell.com/security/cve/CVE-2009-1376.html
http://support.novell.com/security/cve/CVE-2009-1889.html

Solution :

Apply SAT patch number 1094.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 41388 ()

Bugtraq ID:

CVE ID: CVE-2009-1373
CVE-2009-1375
CVE-2009-1376
CVE-2009-1889

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now