Описание
Security update for pidgin
This update for pidgin fixes the following issues:
The following security vulnerability was fixed:
- CVE-2017-2640: Fixed an out of bound write in purple_markup_unescape_entity, which could be triggered by a server controlled by an attacker and could lead to crashes or, in some extreme cases, to remote code execution on the client side (bsc#1028835).
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
finch-2.6.6-0.30.3.1
finch-devel-2.6.6-0.30.3.1
libpurple-2.6.6-0.30.3.1
libpurple-devel-2.6.6-0.30.3.1
libpurple-lang-2.6.6-0.30.3.1
pidgin-2.6.6-0.30.3.1
pidgin-devel-2.6.6-0.30.3.1
Ссылки
- Link for SUSE-SU-2018:2235-1
- E-Mail link for SUSE-SU-2018:2235-1
- SUSE Security Ratings
- SUSE Bug 1028835
- SUSE CVE CVE-2017-2640 page
Описание
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.30.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.30.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.30.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.30.3.1
Ссылки
- CVE-2017-2640
- SUSE Bug 1028835