openSUSE 10 Security Update : finch (finch-5592)
Medium Nessus Plugin ID 34199
SynopsisThe remote openSUSE host is missing a security update.
Description- specially crafted MSN SLP messages could cause an integer overflow in pidgin. Attackers could potentially exploit that to execute arbitrary code (CVE-2008-2927).
- overly long file names in MSN file transfers could crash pidgin (CVE-2008-2955).
- SSL certifcates were not verfied. Therefore piding didn't notice faked certificates (CVE-2008-3532)
Additionally a problem was fixed that prevented gaim clients from connecting to the ICQ network after a server change on July 1st 2008.
SolutionUpdate the affected finch packages.