| Revision Date: | 2014-09-08 | Version: | 4 |
| Title: | SUSE-SU-2014:0702-1 -- Security update for finch |
| Description: | The pidgin Instant Messenger has been updated to fix various securityissues: * CVE-2014-0020: Remotely triggerable crash in IRC argument parsing * CVE-2013-6490: Buffer overflow in SIMPLE header parsing * CVE-2013-6489: Buffer overflow in MXit emoticon parsing * CVE-2013-6487: Buffer overflow in Gadu-Gadu HTTP parsing * CVE-2013-6486: Pidgin uses clickable links to untrusted executables * CVE-2013-6485: Buffer overflow parsing chunked HTTP responses * CVE-2013-6484: Crash reading response from STUN server * CVE-2013-6483: XMPP doesn't verify 'from' on some iq replies * CVE-2013-6482: NULL pointer dereference parsing SOAP data in MSN * CVE-2013-6482: NULL pointer dereference parsing OIM data in MSN * CVE-2013-6482: NULL pointer dereference parsing headers in MSN * CVE-2013-6481: Remote crash reading Yahoo! P2P message * CVE-2013-6479: Remote crash parsing HTTP responses * CVE-2013-6478: Crash when hovering pointer over a long URL * CVE-2013-6477: Crash handling bad XMPP timestamp * CVE-2012-6152: Yahoo! remote crash from incorrect character encoding |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2012-6152
CVE-2013-6477
CVE-2013-6478
CVE-2013-6479
CVE-2013-6481
CVE-2013-6482
CVE-2013-6483
CVE-2013-6484
CVE-2013-6485
CVE-2013-6486
CVE-2013-6487
CVE-2013-6489
CVE-2013-6490
CVE-2014-0020
SUSE-SU-2014:0702-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 11
| Product(s): | finch
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 11.x is installed AND Packages match section
finch RPM is earlier than 0:2.6.6-0.23.1
OR libpurple RPM is earlier than 0:2.6.6-0.23.1
OR libpurple-lang RPM is earlier than 0:2.6.6-0.23.1
OR libpurple-meanwhile RPM is earlier than 0:2.6.6-0.23.1
OR libpurple-tcl RPM is earlier than 0:2.6.6-0.23.1
OR pidgin RPM is earlier than 0:2.6.6-0.23.1
|