Oval Definition:	oval:org.mitre.oval:def:13496
Revision Date: 2014-06-30 Version: 21 Title: USN-781-1 -- pidgin vulnerabilities Description: It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. It was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. It was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2009-1373 CVE-2009-1374 CVE-2009-1375 CVE-2009-1376 USN-781-1 USN-781-1 Platform(s): Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.04 Product(s): pidgin Definition Synopsis Release section Ubuntu 8.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section libpurple-dev DPKG is earlier than 1:2.5.2-0ubuntu1.2 OR finch-dev DPKG is earlier than 1:2.5.2-0ubuntu1.2 OR pidgin-dev DPKG is earlier than 1:2.5.2-0ubuntu1.2 OR libpurple-bin DPKG is earlier than 1:2.5.2-0ubuntu1.2 OR pidgin-data DPKG is earlier than 1:2.5.2-0ubuntu1.2 OR Architecture depended section Supported architectures section Installed architecture is amd64 OR Installed architecture is i386 OR Installed architecture is powerpc OR Installed architecture is sparc OR Installed architecture is lpia AND Packages section libpurple0 DPKG is earlier than 1:2.5.2-0ubuntu1.2 OR pidgin-dbg DPKG is earlier than 1:2.5.2-0ubuntu1.2 OR pidgin DPKG is earlier than 1:2.5.2-0ubuntu1.2 OR finch DPKG is earlier than 1:2.5.2-0ubuntu1.2 OR Release section Ubuntu 8.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section finch-dev DPKG is earlier than 1:2.4.1-1ubuntu2.4 OR pidgin-dev DPKG is earlier than 1:2.4.1-1ubuntu2.4 OR gaim DPKG is earlier than 1:2.4.1-1ubuntu2.4 OR libpurple-bin DPKG is earlier than 1:2.4.1-1ubuntu2.4 OR libpurple-dev DPKG is earlier than 1:2.4.1-1ubuntu2.4 OR pidgin-data DPKG is earlier than 1:2.4.1-1ubuntu2.4 OR Architecture depended section Supported architectures section Installed architecture is amd64 OR Installed architecture is i386 OR Installed architecture is powerpc OR Installed architecture is sparc OR Installed architecture is lpia AND Packages section libpurple0 DPKG is earlier than 1:2.4.1-1ubuntu2.4 OR pidgin-dbg DPKG is earlier than 1:2.4.1-1ubuntu2.4 OR pidgin DPKG is earlier than 1:2.4.1-1ubuntu2.4 OR finch DPKG is earlier than 1:2.4.1-1ubuntu2.4 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section libpurple-dev DPKG is earlier than 1:2.5.5-1ubuntu8.1 OR finch-dev DPKG is earlier than 1:2.5.5-1ubuntu8.1 OR pidgin-dev DPKG is earlier than 1:2.5.5-1ubuntu8.1 OR libpurple-bin DPKG is earlier than 1:2.5.5-1ubuntu8.1 OR pidgin-data DPKG is earlier than 1:2.5.5-1ubuntu8.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 OR Installed architecture is i386 OR Installed architecture is powerpc OR Installed architecture is sparc OR Installed architecture is lpia AND Packages section libpurple0 DPKG is earlier than 1:2.5.5-1ubuntu8.1 OR pidgin-dbg DPKG is earlier than 1:2.5.5-1ubuntu8.1 OR pidgin DPKG is earlier than 1:2.5.5-1ubuntu8.1 OR finch DPKG is earlier than 1:2.5.5-1ubuntu8.1
BACK