openSUSE Security Update : pidgin (openSUSE-SU-2013:0405-1)
Medium Nessus Plugin ID 74915
SynopsisThe remote openSUSE host is missing a security update.
Descriptionpidgin was updated to fix security issues :
- Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274)
- Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273)
- Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution.(CVE-2013-0272)
- Fix a bug where a remote MXit user could possibly specify a local file path to be written to.
SolutionUpdate the affected pidgin packages.