Oval Definition:oval:org.opensuse.security:def:79959
Revision Date:2014-05-08Version:1
Title:Security update for finch
Description:



The pidgin Instant Messenger has been updated to fix various security issues:

* CVE-2014-0020: Remotely triggerable crash in IRC argument parsing * CVE-2013-6490: Buffer overflow in SIMPLE header parsing * CVE-2013-6489: Buffer overflow in MXit emoticon parsing * CVE-2013-6487: Buffer overflow in Gadu-Gadu HTTP parsing * CVE-2013-6486: Pidgin uses clickable links to untrusted executables * CVE-2013-6485: Buffer overflow parsing chunked HTTP responses * CVE-2013-6484: Crash reading response from STUN server * CVE-2013-6483: XMPP doesn't verify 'from' on some iq replies * CVE-2013-6482: NULL pointer dereference parsing SOAP data in MSN * CVE-2013-6482: NULL pointer dereference parsing OIM data in MSN * CVE-2013-6482: NULL pointer dereference parsing headers in MSN * CVE-2013-6481: Remote crash reading Yahoo! P2P message * CVE-2013-6479: Remote crash parsing HTTP responses * CVE-2013-6478: Crash when hovering pointer over a long URL * CVE-2013-6477: Crash handling bad XMPP timestamp * CVE-2012-6152: Yahoo! remote crash from incorrect character encoding

Security Issue references:

* CVE-2014-0020 * CVE-2013-6490 * CVE-2013-6489 * CVE-2013-6487 * CVE-2013-6486 * CVE-2013-6485 * CVE-2013-6484 * CVE-2013-6483 * CVE-2013-6482 * CVE-2013-6481 * CVE-2013-6479 * CVE-2013-6478 * CVE-2013-6477 * CVE-2012-6152

Family:unixClass:patch
Status:Reference(s):861019
CVE-2012-6152
CVE-2013-6477
CVE-2013-6478
CVE-2013-6479
CVE-2013-6481
CVE-2013-6482
CVE-2013-6483
CVE-2013-6484
CVE-2013-6485
CVE-2013-6486
CVE-2013-6487
CVE-2013-6489
CVE-2013-6490
CVE-2014-0020
Platform(s):SUSE Linux Enterprise Desktop 11 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • finch-2.6.6-0.23.1 is installed
  • OR libpurple-2.6.6-0.23.1 is installed
  • OR libpurple-lang-2.6.6-0.23.1 is installed
  • OR libpurple-meanwhile-2.6.6-0.23.1 is installed
  • OR libpurple-tcl-2.6.6-0.23.1 is installed
  • OR pidgin-2.6.6-0.23.1 is installed
    • BACK