Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:143 (pidgin)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61268

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:143 (pidgin)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to pidgin
announced via advisory MDVSA-2008:143.

An integer overflow flaw was found in Pidgin's MSN protocol handler
that could allow for the execution of arbitrary code if a user received
a malicious MSN message (CVE-2008-2927).

In addition, this update provides the ability to use ICQ networks
again on Mandriva Linux 2008.0, as in MDVA-2008:103 (updated pidgin
for 2008.1).

The updated packages have been patched to correct this issue.

Affected: 2008.0, 2008.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:143

Risk factor : High

CVSS Score:
6.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2927
1020451
http://www.securitytracker.com/id?1020451
20080625 Pidgin 2.4.1 Vulnerability
http://www.securityfocus.com/archive/1/493682
20080806 rPSA-2008-0246-1 gaim
http://www.securityfocus.com/archive/1/495165/100/0/threaded
20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability
http://www.securityfocus.com/archive/1/495818/100/0/threaded
29956
http://www.securityfocus.com/bid/29956
30971
http://secunia.com/advisories/30971
31016
http://secunia.com/advisories/31016
31105
http://secunia.com/advisories/31105
31387
http://secunia.com/advisories/31387
31642
http://secunia.com/advisories/31642
32859
http://secunia.com/advisories/32859
32861
http://secunia.com/advisories/32861
ADV-2008-2032
http://www.vupen.com/english/advisories/2008/2032/references
DSA-1610
http://www.debian.org/security/2008/dsa-1610
MDVSA-2008:143
http://www.mandriva.com/security/advisories?name=MDVSA-2008:143
MDVSA-2009:127
http://www.mandriva.com/security/advisories?name=MDVSA-2009:127
RHSA-2008:0584
http://www.redhat.com/support/errata/RHSA-2008-0584.html
USN-675-1
http://www.ubuntu.com/usn/USN-675-1
USN-675-2
http://www.ubuntu.com/usn/USN-675-2
[oss-security] 20080703 Re: Re: CVE Request (pidgin)
http://www.openwall.com/lists/oss-security/2008/07/04/1
[oss-security] 20080704 Re: Re: CVE Request (pidgin)
http://www.openwall.com/lists/oss-security/2008/07/03/6
adium-msnprotocol-code-execution(44774)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44774
http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c
http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246
http://www.pidgin.im/news/security/?id=25
http://www.zerodayinitiative.com/advisories/ZDI-08-054
https://bugzilla.redhat.com/show_bug.cgi?id=453764
https://issues.rpath.com/browse/RPL-2647
oval:org.mitre.oval:def:11695
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695
oval:org.mitre.oval:def:17972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61268
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:143 (pidgin)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to pidgin announced via advisory MDVSA-2008:143. An integer overflow flaw was found in Pidgin's MSN protocol handler that could allow for the execution of arbitrary code if a user received a malicious MSN message (CVE-2008-2927). In addition, this update provides the ability to use ICQ networks again on Mandriva Linux 2008.0, as in MDVA-2008:103 (updated pidgin for 2008.1). The updated packages have been patched to correct this issue. Affected: 2008.0, 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:143 Risk factor : High CVSS Score: 6.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2927 1020451 http://www.securitytracker.com/id?1020451 20080625 Pidgin 2.4.1 Vulnerability http://www.securityfocus.com/archive/1/493682 20080806 rPSA-2008-0246-1 gaim http://www.securityfocus.com/archive/1/495165/100/0/threaded 20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability http://www.securityfocus.com/archive/1/495818/100/0/threaded 29956 http://www.securityfocus.com/bid/29956 30971 http://secunia.com/advisories/30971 31016 http://secunia.com/advisories/31016 31105 http://secunia.com/advisories/31105 31387 http://secunia.com/advisories/31387 31642 http://secunia.com/advisories/31642 32859 http://secunia.com/advisories/32859 32861 http://secunia.com/advisories/32861 ADV-2008-2032 http://www.vupen.com/english/advisories/2008/2032/references DSA-1610 http://www.debian.org/security/2008/dsa-1610 MDVSA-2008:143 http://www.mandriva.com/security/advisories?name=MDVSA-2008:143 MDVSA-2009:127 http://www.mandriva.com/security/advisories?name=MDVSA-2009:127 RHSA-2008:0584 http://www.redhat.com/support/errata/RHSA-2008-0584.html USN-675-1 http://www.ubuntu.com/usn/USN-675-1 USN-675-2 http://www.ubuntu.com/usn/USN-675-2 [oss-security] 20080703 Re: Re: CVE Request (pidgin) http://www.openwall.com/lists/oss-security/2008/07/04/1 [oss-security] 20080704 Re: Re: CVE Request (pidgin) http://www.openwall.com/lists/oss-security/2008/07/03/6 adium-msnprotocol-code-execution(44774) https://exchange.xforce.ibmcloud.com/vulnerabilities/44774 http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246 http://www.pidgin.im/news/security/?id=25 http://www.zerodayinitiative.com/advisories/ZDI-08-054 https://bugzilla.redhat.com/show_bug.cgi?id=453764 https://issues.rpath.com/browse/RPL-2647 oval:org.mitre.oval:def:11695 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695 oval:org.mitre.oval:def:17972 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com