Oval Definition:oval:org.opensuse.security:def:202226491
Revision Date:2022-09-01Version:1
Title:CVE-2022-26491
Description:

An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2022-26491
SUSE CVE-2022-26491
SUSE-SU-2022:1664-1
SUSE-SU-2022:1665-1
SUSE-SU-2022:1693-1
Platform(s):openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Tumbleweed
SUSE Linux Enterprise Desktop 12 SP5
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise Module for Package Hub 15 SP3
SUSE Linux Enterprise Module for Package Hub 15 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE Linux Enterprise Workstation Extension 12 SP5
SUSE Linux Enterprise Workstation Extension 15 SP3
SUSE Linux Enterprise Workstation Extension 15 SP4
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Package Hub 15 SP3 is installed
  • AND
  • finch-2.13.0-150200.12.6.1 is installed
  • OR finch-devel-2.13.0-150200.12.6.1 is installed
  • OR libpurple-2.13.0-150200.12.6.1 is installed
  • OR libpurple-branding-upstream-2.13.0-150200.12.6.1 is installed
  • OR libpurple-devel-2.13.0-150200.12.6.1 is installed
  • OR libpurple-lang-2.13.0-150200.12.6.1 is installed
  • OR libpurple-plugin-sametime-2.13.0-150200.12.6.1 is installed
  • OR libpurple-tcl-2.13.0-150200.12.6.1 is installed
  • OR pidgin-2.13.0-150200.12.6.1 is installed
  • OR pidgin-devel-2.13.0-150200.12.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Module for Package Hub 15 SP4 is installed
  • AND
  • finch-2.14.8-150400.3.3.1 is installed
  • OR finch-devel-2.14.8-150400.3.3.1 is installed
  • OR libpurple-2.14.8-150400.3.3.1 is installed
  • OR libpurple-branding-upstream-2.14.8-150400.3.3.1 is installed
  • OR libpurple-devel-2.14.8-150400.3.3.1 is installed
  • OR libpurple-lang-2.14.8-150400.3.3.1 is installed
  • OR libpurple-plugin-sametime-2.14.8-150400.3.3.1 is installed
  • OR libpurple-tcl-2.14.8-150400.3.3.1 is installed
  • OR pidgin-2.14.8-150400.3.3.1 is installed
  • OR pidgin-devel-2.14.8-150400.3.3.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Package Hub 15 SP3 is installed
  • AND
  • finch-2.13.0-150200.12.6.1 is installed
  • OR finch-devel-2.13.0-150200.12.6.1 is installed
  • OR libpurple-2.13.0-150200.12.6.1 is installed
  • OR libpurple-branding-upstream-2.13.0-150200.12.6.1 is installed
  • OR libpurple-devel-2.13.0-150200.12.6.1 is installed
  • OR libpurple-lang-2.13.0-150200.12.6.1 is installed
  • OR libpurple-plugin-sametime-2.13.0-150200.12.6.1 is installed
  • OR libpurple-tcl-2.13.0-150200.12.6.1 is installed
  • OR pidgin-2.13.0-150200.12.6.1 is installed
  • OR pidgin-devel-2.13.0-150200.12.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Desktop 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Workstation Extension 15 SP3 is installed
  • AND
  • libpurple-2.13.0-150200.12.6.1 is installed
  • OR libpurple-branding-upstream-2.13.0-150200.12.6.1 is installed
  • OR libpurple-devel-2.13.0-150200.12.6.1 is installed
  • OR libpurple-lang-2.13.0-150200.12.6.1 is installed
  • OR libpurple-plugin-sametime-2.13.0-150200.12.6.1 is installed
  • OR pidgin-2.13.0-150200.12.6.1 is installed
  • OR pidgin-devel-2.13.0-150200.12.6.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • finch-2.13.0-150200.12.6.1 is installed
  • AND finch is signed with openSUSE key
  • OR
  • finch-devel-2.13.0-150200.12.6.1 is installed
  • AND finch-devel is signed with openSUSE key
  • OR
  • libpurple-2.13.0-150200.12.6.1 is installed
  • AND libpurple is signed with openSUSE key
  • OR
  • libpurple-branding-upstream-2.13.0-150200.12.6.1 is installed
  • AND libpurple-branding-upstream is signed with openSUSE key
  • OR
  • libpurple-devel-2.13.0-150200.12.6.1 is installed
  • AND libpurple-devel is signed with openSUSE key
  • OR
  • libpurple-lang-2.13.0-150200.12.6.1 is installed
  • AND libpurple-lang is signed with openSUSE key
  • OR
  • libpurple-plugin-sametime-2.13.0-150200.12.6.1 is installed
  • AND libpurple-plugin-sametime is signed with openSUSE key
  • OR
  • libpurple-tcl-2.13.0-150200.12.6.1 is installed
  • AND libpurple-tcl is signed with openSUSE key
  • OR
  • pidgin-2.13.0-150200.12.6.1 is installed
  • AND pidgin is signed with openSUSE key
  • OR
  • pidgin-devel-2.13.0-150200.12.6.1 is installed
  • AND pidgin-devel is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Leap 15.4 is installed
  • AND Package Information
  • finch-2.13.0-150200.12.6.1 is installed
  • AND finch is signed with openSUSE key
  • OR
  • finch-devel-2.13.0-150200.12.6.1 is installed
  • AND finch-devel is signed with openSUSE key
  • OR
  • libpurple-2.13.0-150200.12.6.1 is installed
  • AND libpurple is signed with openSUSE key
  • OR
  • libpurple-branding-upstream-2.13.0-150200.12.6.1 is installed
  • AND libpurple-branding-upstream is signed with openSUSE key
  • OR
  • libpurple-devel-2.13.0-150200.12.6.1 is installed
  • AND libpurple-devel is signed with openSUSE key
  • OR
  • libpurple-lang-2.13.0-150200.12.6.1 is installed
  • AND libpurple-lang is signed with openSUSE key
  • OR
  • libpurple-plugin-sametime-2.13.0-150200.12.6.1 is installed
  • AND libpurple-plugin-sametime is signed with openSUSE key
  • OR
  • libpurple-tcl-2.13.0-150200.12.6.1 is installed
  • AND libpurple-tcl is signed with openSUSE key
  • OR
  • pidgin-2.13.0-150200.12.6.1 is installed
  • AND pidgin is signed with openSUSE key
  • OR
  • pidgin-devel-2.13.0-150200.12.6.1 is installed
  • AND pidgin-devel is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • finch-2.14.9-1.1 is installed
  • OR finch-devel-2.14.9-1.1 is installed
  • OR libpurple-2.14.9-1.1 is installed
  • OR libpurple-branding-upstream-2.14.9-1.1 is installed
  • OR libpurple-client0-2.14.9-1.1 is installed
  • OR libpurple-devel-2.14.9-1.1 is installed
  • OR libpurple-lang-2.14.9-1.1 is installed
  • OR libpurple-plugin-sametime-2.14.9-1.1 is installed
  • OR libpurple-tcl-2.14.9-1.1 is installed
  • OR libpurple0-2.14.9-1.1 is installed
  • OR pidgin-2.14.9-1.1 is installed
  • OR pidgin-devel-2.14.9-1.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Package Hub 15 SP4 is installed
  • AND
  • finch-2.14.8-150400.3.3.1 is installed
  • OR finch-devel-2.14.8-150400.3.3.1 is installed
  • OR libpurple-2.14.8-150400.3.3.1 is installed
  • OR libpurple-branding-upstream-2.14.8-150400.3.3.1 is installed
  • OR libpurple-devel-2.14.8-150400.3.3.1 is installed
  • OR libpurple-lang-2.14.8-150400.3.3.1 is installed
  • OR libpurple-plugin-sametime-2.14.8-150400.3.3.1 is installed
  • OR libpurple-tcl-2.14.8-150400.3.3.1 is installed
  • OR pidgin-2.14.8-150400.3.3.1 is installed
  • OR pidgin-devel-2.14.8-150400.3.3.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Desktop 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Linux Enterprise Workstation Extension 15 SP4 is installed
  • AND
  • libpurple-2.14.8-150400.3.3.1 is installed
  • OR libpurple-branding-upstream-2.14.8-150400.3.3.1 is installed
  • OR libpurple-client0-2.14.8-150400.3.3.1 is installed
  • OR libpurple-devel-2.14.8-150400.3.3.1 is installed
  • OR libpurple-lang-2.14.8-150400.3.3.1 is installed
  • OR libpurple-plugin-sametime-2.14.8-150400.3.3.1 is installed
  • OR libpurple0-2.14.8-150400.3.3.1 is installed
  • OR pidgin-2.14.8-150400.3.3.1 is installed
  • OR pidgin-devel-2.14.8-150400.3.3.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • OR SUSE Linux Enterprise Software Development Kit 12 SP5 is installed
  • AND
  • finch-devel-2.12.0-3.6.1 is installed
  • OR libpurple-2.12.0-3.6.1 is installed
  • OR libpurple-devel-2.12.0-3.6.1 is installed
  • OR libpurple-lang-2.12.0-3.6.1 is installed
  • OR pidgin-devel-2.12.0-3.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Desktop 12 SP5 is installed
  • OR SUSE Linux Enterprise Server 12 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • OR SUSE Linux Enterprise Workstation Extension 12 SP5 is installed
  • AND
  • finch-2.12.0-3.6.1 is installed
  • OR libpurple-2.12.0-3.6.1 is installed
  • OR libpurple-branding-upstream-2.12.0-3.6.1 is installed
  • OR libpurple-lang-2.12.0-3.6.1 is installed
  • OR libpurple-plugin-sametime-2.12.0-3.6.1 is installed
  • OR libpurple-tcl-2.12.0-3.6.1 is installed
  • OR pidgin-2.12.0-3.6.1 is installed
    • BACK