
Test ID: 1.3.6.1.4.1.25623.1.0.68263
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2010:148 (pidgin)
Summary: NOSUMMARY
Description:
The remote host is missing an update to pidgin
announced via advisory MDVSA-2010:148.

A security vulnerability has been identified and fixed in pidgin:

The clientautoresp function in family_icbm.c in the oscar protocol
plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated
users to cause a denial of service (NULL pointer dereference and
application crash) via an X-Status message that lacks the expected
end tag for a (1) desc or (2) title element (CVE-2010-2528).

Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.

This update provides pidgin 2.7.3, which is not vulnerable to this
issue.

Affected: 2008.0, 2009.0, 2010.0, 2010.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:148
http://pidgin.im/news/security/

Risk factor : Medium

CVSS Score: 4.0

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-2528
40699
http://secunia.com/advisories/40699
41881
http://www.securityfocus.com/bid/41881
66506
http://www.osvdb.org/66506
ADV-2010-1887
http://www.vupen.com/english/advisories/2010/1887
ADV-2010-2221
http://www.vupen.com/english/advisories/2010/2221
SSA:2010-240-05
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462873
http://developer.pidgin.im/viewmtn/revision/diff/fcb70f7c12120206d30ad33223ff85be7b226d1c/with/8e8ff246492e45af8f8d0808296d6f2906794dc0/libpurple/protocols/oscar/family_icbm.c
http://developer.pidgin.im/viewmtn/revision/info/8e8ff246492e45af8f8d0808296d6f2906794dc0
http://www.pidgin.im/news/security/index.php?id=47
oval:org.mitre.oval:def:18359
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18359
pidgin-xstatus-dos(60566)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60566
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
