SuSE 10 Security Update : pidgin, gaim and finch (ZYPP Patch Number 5573)
Medium Nessus Plugin ID 51722
The remote SuSE 10 host is missing a security-related patch.
- Specially crafted MSN SLP messages could cause an integer overflow in pidgin. Attackers could potentially exploit that to execute arbitrary code. (CVE-2008-2927)
- Overly long file names in MSN file transfers could crash pidgin. (CVE-2008-2955)
- SSL certificates were not verified. Therefore pidgin didn't notice faked certificates. (CVE-2008-3532)

Additionally, a problem was fixed that prevented gaim clients from connecting to the ICQ network after a server change on July 1st 2008.