SuSE 11 Security Update : pidgin (SAT Patch Number 1094)

High Nessus Plugin ID 41388


The remote SuSE 11 host is missing one or more security updates.


Several bugfixes were done for the Instant Messenger Pidgin :

- Malformed responses to file transfers could cause a buffer overflow in pidgin (CVE-2009-1373) and specially crafted packets could crash it. (CVE-2009-1375)

- The fix against integer overflows in the msn protocol handling was incomplete. (CVE-2009-1376)

- Fixed misparsing ICQ message as SMS DoS (CVE-2009-1889, Pidgin#9483). Also the Yahoo IM protocol was made to work again.


Apply SAT patch number 1094.

See Also

Plugin Details

Severity: High

ID: 41388

File Name: suse_11_finch-090709.nasl

Version: $Revision: 1.9 $

Type: local

Agent: unix

Published: 2009/09/24

Modified: 2016/12/21

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:finch, p-cpe:/a:novell:suse_linux:11:libpurple, p-cpe:/a:novell:suse_linux:11:libpurple-lang, p-cpe:/a:novell:suse_linux:11:pidgin, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/07/09

Reference Information

CVE: CVE-2009-1373, CVE-2009-1375, CVE-2009-1376, CVE-2009-1889

CWE: 119, 189, 399