Oval Definition:oval:org.mitre.oval:def:22173
Revision Date:2014-02-24
Version:10
Title:RHSA-2010:0044: pidgin security update (Important)
Description:Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
Family:unix
Class:patch
Status:ACCEPTED
Reference(s):CESA-2010:0044
CVE-2010-0013
RHSA-2010:0044-01
Platform(s):CentOS Linux 5
Red Hat Enterprise Linux 5
Product(s):pidgin
Definition Synopsis
  • Redhat 5 or Centos 5 release
    • The operating system installed on the system is Red Hat Enterprise Linux 5
    • OR The operating system installed on the system is CentOS Linux 5.x
  • AND Packages section
    • libpurple is earlier than 0:2.6.5-1.el5
    • OR finch is earlier than 0:2.6.5-1.el5
    • OR libpurple-perl is earlier than 0:2.6.5-1.el5
    • OR pidgin is earlier than 0:2.6.5-1.el5
    • OR libpurple-devel is earlier than 0:2.6.5-1.el5
    • OR pidgin-devel is earlier than 0:2.6.5-1.el5
    • OR finch-devel is earlier than 0:2.6.5-1.el5
    • OR pidgin-perl is earlier than 0:2.6.5-1.el5
    • OR libpurple-tcl is earlier than 0:2.6.5-1.el5