Описание
Security update for pidgin
This update for pidgin fixes the following issues:
Feature update:
- Update to GNOME 3.20.2 (fate#318572).
Security issues fixed:
- CVE-2017-2640: Fix an out of bounds memory read in purple_markup_unescape_entity. (boo#1028835)
Bugfixes
- Correctly remove *.so files for plugins (fixes devel-file-in-non-devel-package).
- Remove generation of a plugin list to package, simply add it all in %files with exclusions.
- Fix SASL EXTERNAL fingerprint authentication (boo#1009974).
Список пакетов
openSUSE Leap 42.2
finch-2.10.11-8.3.1
finch-devel-2.10.11-8.3.1
libpurple-2.10.11-8.3.1
libpurple-branding-upstream-2.10.11-8.3.1
libpurple-devel-2.10.11-8.3.1
libpurple-lang-2.10.11-8.3.1
libpurple-meanwhile-2.10.11-8.3.1
libpurple-tcl-2.10.11-8.3.1
pidgin-2.10.11-8.3.1
pidgin-devel-2.10.11-8.3.1
Ссылки
- E-Mail link for openSUSE-SU-2017:0892-1
- SUSE Security Ratings
Описание
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
Затронутые продукты
openSUSE Leap 42.2:finch-2.10.11-8.3.1
openSUSE Leap 42.2:finch-devel-2.10.11-8.3.1
openSUSE Leap 42.2:libpurple-2.10.11-8.3.1
openSUSE Leap 42.2:libpurple-branding-upstream-2.10.11-8.3.1
Ссылки
- CVE-2017-2640
- SUSE Bug 1028835