Oval Definition:oval:org.mitre.oval:def:23006
Revision Date:2014-05-26Version:13
Title:ELSA-2010:0044: pidgin security update (Important)
Description:Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2010-0013
ELSA-2010:0044-01
Platform(s):Oracle Linux 5
Product(s):pidgin
Definition Synopsis
  • Oracle Linux 5.x
  • AND rpm test
  • libpurple is earlier than 0:2.6.5-1.el5
  • OR finch is earlier than 0:2.6.5-1.el5
  • OR libpurple-perl is earlier than 0:2.6.5-1.el5
  • OR pidgin is earlier than 0:2.6.5-1.el5
  • OR libpurple-devel is earlier than 0:2.6.5-1.el5
  • OR pidgin-devel is earlier than 0:2.6.5-1.el5
  • OR finch-devel is earlier than 0:2.6.5-1.el5
  • OR pidgin-perl is earlier than 0:2.6.5-1.el5
  • OR libpurple-tcl is earlier than 0:2.6.5-1.el5
    • BACK