Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:041 (pidgin)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66925

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:041 (pidgin)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to pidgin
announced via advisory MDVSA-2010:041.

Multiple security vulnerabilities has been identified and fixed
in pidgin:

Certain malformed SLP messages can trigger a crash because the MSN
protocol plugin fails to check that all pieces of the message are
set correctly (CVE-2010-0277).

In a user in a multi-user chat room has a nickname containing '
'
then libpurple ends up having two users with username ' ' in the room,
and Finch crashes in this situation. We do not believe there is a
possibility of remote code execution (CVE-2010-0420).

oCERT notified us about a problem in Pidgin, where a large amount of
processing time will be used when inserting many smileys into an IM
or chat window. This should not cause a crash, but Pidgin can become
unusable slow (CVE-2010-0423).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

This update provides pidgin 2.6.6, which is not vulnerable to these
issues.

Affected: 2008.0, 2009.1, 2010.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:041
http://pidgin.im/news/security/

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0277
BugTraq ID: 38294
http://www.securityfocus.com/bid/38294
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:041
http://www.mandriva.com/security/advisories?name=MDVSA-2010:085
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
http://www.openwall.com/lists/oss-security/2010/01/07/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18348
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9421
RedHat Security Advisories: RHSA-2010:0115
https://rhn.redhat.com/errata/RHSA-2010-0115.html
http://secunia.com/advisories/38563
http://secunia.com/advisories/38640
http://secunia.com/advisories/38658
http://secunia.com/advisories/38712
http://secunia.com/advisories/38915
http://secunia.com/advisories/41868
SuSE Security Announcement: SUSE-SR:2010:006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
http://www.ubuntu.com/usn/USN-902-1
http://www.vupen.com/english/advisories/2010/0413
http://www.vupen.com/english/advisories/2010/1020
http://www.vupen.com/english/advisories/2010/2693
Common Vulnerability Exposure (CVE) ID: CVE-2010-0420
38294
38563
38640
38658
38712
38915
39509
http://secunia.com/advisories/39509
62439
http://www.osvdb.org/62439
ADV-2010-0413
ADV-2010-0914
http://www.vupen.com/english/advisories/2010/0914
ADV-2010-1020
DSA-2038
http://www.debian.org/security/2010/dsa-2038
FEDORA-2010-1279
FEDORA-2010-1383
FEDORA-2010-1934
MDVSA-2010:041
MDVSA-2010:085
RHSA-2010:0115
SUSE-SR:2010:006
USN-902-1
http://developer.pidgin.im/wiki/ChangeLog
http://pidgin.im/news/security/?id=44
https://bugzilla.redhat.com/show_bug.cgi?id=565786
oval:org.mitre.oval:def:11485
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11485
oval:org.mitre.oval:def:18230
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18230
pidgin-xmpp-nickname-dos(56399)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56399
Common Vulnerability Exposure (CVE) ID: CVE-2010-0423
62440
http://www.osvdb.org/62440
http://pidgin.im/news/security/?id=45
https://bugzilla.redhat.com/show_bug.cgi?id=565792
oval:org.mitre.oval:def:17554
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17554
oval:org.mitre.oval:def:9842
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9842
pidgin-smileys-dos(56394)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56394

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66925
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:041 (pidgin)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to pidgin announced via advisory MDVSA-2010:041. Multiple security vulnerabilities has been identified and fixed in pidgin: Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly (CVE-2010-0277). In a user in a multi-user chat room has a nickname containing ' ' then libpurple ends up having two users with username ' ' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution (CVE-2010-0420). oCERT notified us about a problem in Pidgin, where a large amount of processing time will be used when inserting many smileys into an IM or chat window. This should not cause a crash, but Pidgin can become unusable slow (CVE-2010-0423). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides pidgin 2.6.6, which is not vulnerable to these issues. Affected: 2008.0, 2009.1, 2010.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:041 http://pidgin.im/news/security/ Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0277 BugTraq ID: 38294 http://www.securityfocus.com/bid/38294 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:041 http://www.mandriva.com/security/advisories?name=MDVSA-2010:085 http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html http://www.openwall.com/lists/oss-security/2010/01/07/2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18348 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9421 RedHat Security Advisories: RHSA-2010:0115 https://rhn.redhat.com/errata/RHSA-2010-0115.html http://secunia.com/advisories/38563 http://secunia.com/advisories/38640 http://secunia.com/advisories/38658 http://secunia.com/advisories/38712 http://secunia.com/advisories/38915 http://secunia.com/advisories/41868 SuSE Security Announcement: SUSE-SR:2010:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://www.ubuntu.com/usn/USN-902-1 http://www.vupen.com/english/advisories/2010/0413 http://www.vupen.com/english/advisories/2010/1020 http://www.vupen.com/english/advisories/2010/2693 Common Vulnerability Exposure (CVE) ID: CVE-2010-0420 38294 38563 38640 38658 38712 38915 39509 http://secunia.com/advisories/39509 62439 http://www.osvdb.org/62439 ADV-2010-0413 ADV-2010-0914 http://www.vupen.com/english/advisories/2010/0914 ADV-2010-1020 DSA-2038 http://www.debian.org/security/2010/dsa-2038 FEDORA-2010-1279 FEDORA-2010-1383 FEDORA-2010-1934 MDVSA-2010:041 MDVSA-2010:085 RHSA-2010:0115 SUSE-SR:2010:006 USN-902-1 http://developer.pidgin.im/wiki/ChangeLog http://pidgin.im/news/security/?id=44 https://bugzilla.redhat.com/show_bug.cgi?id=565786 oval:org.mitre.oval:def:11485 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11485 oval:org.mitre.oval:def:18230 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18230 pidgin-xmpp-nickname-dos(56399) https://exchange.xforce.ibmcloud.com/vulnerabilities/56399 Common Vulnerability Exposure (CVE) ID: CVE-2010-0423 62440 http://www.osvdb.org/62440 http://pidgin.im/news/security/?id=45 https://bugzilla.redhat.com/show_bug.cgi?id=565792 oval:org.mitre.oval:def:17554 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17554 oval:org.mitre.oval:def:9842 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9842 pidgin-smileys-dos(56394) https://exchange.xforce.ibmcloud.com/vulnerabilities/56394
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com