Oval Definition:oval:org.opensuse.security:def:20162367
Revision Date:2021-08-15Version:1
Title:CVE-2016-2367
Description:

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2016-2367
Mitre CVE-2016-2367
SUSE CVE-2016-2367
SUSE-SU-2016:2416-1
SUSE-SU-2016:2416-1
Platform(s):SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND Package Information
  • finch-2.6.6-0.29 is installed
  • OR finch-devel-2.6.6-0.29 is installed
  • OR libpurple-2.6.6-0.29 is installed
  • OR libpurple-devel-2.6.6-0.29 is installed
  • OR libpurple-lang-2.6.6-0.29 is installed
  • OR pidgin-2.6.6-0.29 is installed
  • OR pidgin-devel-2.6.6-0.29 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND Package Information
  • finch-2.6.6-0.29.1 is installed
  • OR finch-devel-2.6.6-0.29.1 is installed
  • OR libpurple-2.6.6-0.29.1 is installed
  • OR libpurple-devel-2.6.6-0.29.1 is installed
  • OR libpurple-lang-2.6.6-0.29.1 is installed
  • OR pidgin-2.6.6-0.29.1 is installed
  • OR pidgin-devel-2.6.6-0.29.1 is installed
    • BACK