Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:0925-1

Опубликовано: 04 апр. 2017
Источник: suse-cvrf

Описание

Security update for pidgin

This update for pidgin fixes the following issues:

Feature update:

  • Update to GNOME 3.20.2 (fate#318572).

Security issues fixed:

  • CVE-2017-2640: Fix an out of bounds memory read in purple_markup_unescape_entity. (boo#1028835)
  • CVE-2014-3698: remote information leak via crafted XMPP message (boo#902408).
  • CVE-2014-3696: denial of service parsing Groupwise server message (boo#902410).
  • CVE-2014-3695: crash in MXit protocol plug-in (boo#902409).

Bugfixes

  • Correctly remove *.so files for plugins (fixes devel-file-in-non-devel-package).
  • Remove generation of a plugin list to package, simply add it all in %files with exclusions.
  • Build with GStreamer 1.x on SLE 12 SP2.
  • Fix SASL EXTERNAL fingerprint authentication (boo#1009974).
  • Use ALSA as default for avoiding broken volume control of pa sink (boo#886670).

Список пакетов

openSUSE Leap 42.1
finch-2.10.11-9.1
finch-devel-2.10.11-9.1
libpurple-2.10.11-9.1
libpurple-branding-upstream-2.10.11-9.1
libpurple-devel-2.10.11-9.1
libpurple-lang-2.10.11-9.1
libpurple-meanwhile-2.10.11-9.1
libpurple-tcl-2.10.11-9.1
pidgin-2.10.11-9.1
pidgin-devel-2.10.11-9.1

Ссылки

Описание

markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.

Затронутые продукты
openSUSE Leap 42.1:finch-2.10.11-9.1
openSUSE Leap 42.1:finch-devel-2.10.11-9.1
openSUSE Leap 42.1:libpurple-2.10.11-9.1
openSUSE Leap 42.1:libpurple-branding-upstream-2.10.11-9.1
Ссылки

Описание

nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.

Затронутые продукты
openSUSE Leap 42.1:finch-2.10.11-9.1
openSUSE Leap 42.1:finch-devel-2.10.11-9.1
openSUSE Leap 42.1:libpurple-2.10.11-9.1
openSUSE Leap 42.1:libpurple-branding-upstream-2.10.11-9.1
Ссылки

Описание

The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.

Затронутые продукты
openSUSE Leap 42.1:finch-2.10.11-9.1
openSUSE Leap 42.1:finch-devel-2.10.11-9.1
openSUSE Leap 42.1:libpurple-2.10.11-9.1
openSUSE Leap 42.1:libpurple-branding-upstream-2.10.11-9.1
Ссылки

Описание

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.

Затронутые продукты
openSUSE Leap 42.1:finch-2.10.11-9.1
openSUSE Leap 42.1:finch-devel-2.10.11-9.1
openSUSE Leap 42.1:libpurple-2.10.11-9.1
openSUSE Leap 42.1:libpurple-branding-upstream-2.10.11-9.1
Ссылки
Уязвимость openSUSE-SU-2017:0925-1