Mandriva Linux Security Advisory : pidgin (MDVSA-2011:183)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities have been discovered and corrected in pidgin :

When receiving various stanzas related to voice and video chat, the
XMPP protocol plugin failed to ensure that the incoming message
contained all required fields, and would crash if certain fields were
missing.

When receiving various messages related to requesting or receiving
authorization for adding a buddy to a buddy list, the oscar protocol
plugin failed to validate that a piece of text was UTF-8. In some
cases invalid UTF-8 data would lead to a crash (CVE-2011-4601).

When receiving various incoming messages, the SILC protocol plugin
failed to validate that a piece of text was UTF-8. In some cases
invalid UTF-8 data would lead to a crash (CVE-2011-3594).

This update provides pidgin 2.10.1, which is not vulnerable to these
issues.

See also :

http://pidgin.im/news/security/?id=56
http://pidgin.im/news/security/?id=57
http://pidgin.im/news/security/?id=58
http://www.pidgin.im/news/security/

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 57079

Bugtraq ID: 49912, 51010

CVE ID: CVE-2011-3594, CVE-2011-4601
