openSUSE Security Update : finch (finch-2032)
Medium Nessus Plugin ID 44976
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update of pidgin fixes various security vulnerabilities
- CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22) Remote file disclosure vulnerability by using the MSN protocol.
- CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least.
- CVE-2010-0420 Same nick names in XMPP MUC lead to a crash in finch.
- CVE-2010-0423 A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it.
SolutionUpdate the affected finch packages.