Oval Definition:
oval:org.mitre.oval:def:25166
Revision Date
:
2014-09-08
Version
:
4
Title
:
SUSE-SU-2014:0702-1 -- Security update for finch
Description
:
The pidgin Instant Messenger has been updated to fix various securityissues: * CVE-2014-0020: Remotely triggerable crash in IRC argument parsing * CVE-2013-6490: Buffer overflow in SIMPLE header parsing * CVE-2013-6489: Buffer overflow in MXit emoticon parsing * CVE-2013-6487: Buffer overflow in Gadu-Gadu HTTP parsing * CVE-2013-6486: Pidgin uses clickable links to untrusted executables * CVE-2013-6485: Buffer overflow parsing chunked HTTP responses * CVE-2013-6484: Crash reading response from STUN server * CVE-2013-6483: XMPP doesn't verify 'from' on some iq replies * CVE-2013-6482: NULL pointer dereference parsing SOAP data in MSN * CVE-2013-6482: NULL pointer dereference parsing OIM data in MSN * CVE-2013-6482: NULL pointer dereference parsing headers in MSN * CVE-2013-6481: Remote crash reading Yahoo! P2P message * CVE-2013-6479: Remote crash parsing HTTP responses * CVE-2013-6478: Crash when hovering pointer over a long URL * CVE-2013-6477: Crash handling bad XMPP timestamp * CVE-2012-6152: Yahoo! remote crash from incorrect character encoding
Family
:
unix
Class
:
patch
Status
:
ACCEPTED
Reference(s)
:
CVE-2012-6152
CVE-2013-6477
CVE-2013-6478
CVE-2013-6479
CVE-2013-6481
CVE-2013-6482
CVE-2013-6483
CVE-2013-6484
CVE-2013-6485
CVE-2013-6486
CVE-2013-6487
CVE-2013-6489
CVE-2013-6490
CVE-2014-0020
SUSE-SU-2014:0702-1
Platform(s)
:
SUSE Linux Enterprise Desktop 11
Product(s)
:
finch
Definition Synopsis
SUSE Linux Enterprise Desktop 11.x is installed
AND
Packages match section
finch RPM is earlier than 0:2.6.6-0.23.1
OR
libpurple RPM is earlier than 0:2.6.6-0.23.1
OR
libpurple-lang RPM is earlier than 0:2.6.6-0.23.1
OR
libpurple-meanwhile RPM is earlier than 0:2.6.6-0.23.1
OR
libpurple-tcl RPM is earlier than 0:2.6.6-0.23.1
OR
pidgin RPM is earlier than 0:2.6.6-0.23.1
BACK