Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2012:029 (pidgin)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72016

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2012:029 (pidgin)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to pidgin
announced via advisory MDVSA-2012:029.

Multiple vulnerabilities has been discovered and corrected in pidgin:

The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin
before 2.10.2 allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) by changing a nickname
while in an XMPP chat room (CVE-2011-4939).

The msn_oim_report_to_user function in oim.c in the MSN protocol
plugin in libpurple in Pidgin before 2.10.2 allows remote servers to
cause a denial of service (application crash) via an OIM message that
lacks UTF-8 encoding (CVE-2012-1178).

This update provides pidgin 2.10.2, which is not vulnerable to
these issues.

Affected: 2011., Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:029
http://www.pidgin.im/news/security/
http://pidgin.im/news/security/?id=60
http://pidgin.im/news/security/?id=61

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4939
MDVSA-2012:029
http://www.mandriva.com/security/advisories?name=MDVSA-2012:029
http://developer.pidgin.im/ticket/14392
http://developer.pidgin.im/viewmtn/revision/diff/10ead4688e3af4132d454fa3bc241480500651c9/with/d1d77da56217f3a083e1d459bef054db9f1d5699/pidgin/gtkconv.c
http://developer.pidgin.im/viewmtn/revision/info/d1d77da56217f3a083e1d459bef054db9f1d5699
http://pidgin.im/news/security/?id=60
oval:org.mitre.oval:def:18406
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18406
Common Vulnerability Exposure (CVE) ID: CVE-2012-1178
50005
http://secunia.com/advisories/50005
52475
http://www.securityfocus.com/bid/52475
RHSA-2012:1102
http://rhn.redhat.com/errata/RHSA-2012-1102.html
http://developer.pidgin.im/ticket/14884
http://developer.pidgin.im/viewmtn/revision/diff/60f8379d0a610538cf42e0dd9ab1436c8b9308cd/with/3053d6a37cc6d8774aba7607b992a4408216adcd/libpurple/protocols/msn/oim.c
http://developer.pidgin.im/viewmtn/revision/info/3053d6a37cc6d8774aba7607b992a4408216adcd
http://pidgin.im/news/security/?id=61
oval:org.mitre.oval:def:18019
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18019

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72016
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2012:029 (pidgin)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to pidgin announced via advisory MDVSA-2012:029. Multiple vulnerabilities has been discovered and corrected in pidgin: The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room (CVE-2011-4939). The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding (CVE-2012-1178). This update provides pidgin 2.10.2, which is not vulnerable to these issues. Affected: 2011., Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:029 http://www.pidgin.im/news/security/ http://pidgin.im/news/security/?id=60 http://pidgin.im/news/security/?id=61 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4939 MDVSA-2012:029 http://www.mandriva.com/security/advisories?name=MDVSA-2012:029 http://developer.pidgin.im/ticket/14392 http://developer.pidgin.im/viewmtn/revision/diff/10ead4688e3af4132d454fa3bc241480500651c9/with/d1d77da56217f3a083e1d459bef054db9f1d5699/pidgin/gtkconv.c http://developer.pidgin.im/viewmtn/revision/info/d1d77da56217f3a083e1d459bef054db9f1d5699 http://pidgin.im/news/security/?id=60 oval:org.mitre.oval:def:18406 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18406 Common Vulnerability Exposure (CVE) ID: CVE-2012-1178 50005 http://secunia.com/advisories/50005 52475 http://www.securityfocus.com/bid/52475 RHSA-2012:1102 http://rhn.redhat.com/errata/RHSA-2012-1102.html http://developer.pidgin.im/ticket/14884 http://developer.pidgin.im/viewmtn/revision/diff/60f8379d0a610538cf42e0dd9ab1436c8b9308cd/with/3053d6a37cc6d8774aba7607b992a4408216adcd/libpurple/protocols/msn/oim.c http://developer.pidgin.im/viewmtn/revision/info/3053d6a37cc6d8774aba7607b992a4408216adcd http://pidgin.im/news/security/?id=61 oval:org.mitre.oval:def:18019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18019
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com