Описание
Security update for pidgin
This update for pidgin fixes the following issues:
Security issues fixed:
- CVE-2016-2367: Fixed a MXIT Avatar Length Memory Disclosure Vulnerability (bsc#991715).
- CVE-2016-2370: Fixed a MXIT Custom Resource Denial of Service Vulnerability (bsc#991712).
- CVE-2016-2371: Fixed a MXIT Extended Profiles Code Execution Vulnerability (bsc#991691).
- CVE-2016-2372: Fixed a MXIT File Transfer Length Memory Disclosure Vulnerability (bsc#991711).
- CVE-2016-2373: Fixed a MXIT Contact Mood Denial of Service Vulnerability (bsc#991709)
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2016:2416-1
- E-Mail link for SUSE-SU-2016:2416-1
- SUSE Security Ratings
- SUSE Bug 991691
- SUSE Bug 991709
- SUSE Bug 991711
- SUSE Bug 991712
- SUSE Bug 991715
- SUSE CVE CVE-2016-2367 page
- SUSE CVE CVE-2016-2370 page
- SUSE CVE CVE-2016-2371 page
- SUSE CVE CVE-2016-2372 page
- SUSE CVE CVE-2016-2373 page
Описание
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.
Затронутые продукты
Ссылки
- CVE-2016-2367
- SUSE Bug 984655
- SUSE Bug 991712
- SUSE Bug 991715
Описание
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2016-2370
- SUSE Bug 984655
- SUSE Bug 991712
Описание
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
Затронутые продукты
Ссылки
- CVE-2016-2371
- SUSE Bug 984655
- SUSE Bug 991691
Описание
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user.
Затронутые продукты
Ссылки
- CVE-2016-2372
- SUSE Bug 984655
- SUSE Bug 991711
Описание
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2016-2373
- SUSE Bug 984655
- SUSE Bug 991709