drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Pidgin
Name: |
Mehrere Probleme in Pidgin |
|
ID: |
DSA-2859-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian wheezy |
|
Datum: |
Di, 11. Februar 2014, 00:08 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020 |
|
Applikationen: |
Pidgin |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------- Debian Security Advisory DSA-2859-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff February 10, 2014 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : pidgin Vulnerability : several CVE ID : CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6487 CVE-2013-6489 CVE-2013-6490 CVE-2014-0020
Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client:
CVE-2013-6477
Jaime Breva Ribes discovered that a remote XMPP user can trigger a crash by sending a message with a timestamp in the distant future.
CVE-2013-6478
Pidgin could be crashed through overly wide tooltip windows.
CVE-2013-6479
Jacob Appelbaum discovered that a malicious server or a "man in the middle" could send a malformed HTTP header resulting in denial of service.
CVE-2013-6481
Daniel Atallah discovered that Pidgin could be crashed through malformed Yahoo! P2P messages.
CVE-2013-6482
Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin could be crashed through malformed MSN messages.
CVE-2013-6483
Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin could be crashed through malformed XMPP messages.
CVE-2013-6484
It was discovered that incorrect error handling when reading the response from a STUN server could result in a crash.
CVE-2013-6485
Matt Jones discovered a buffer overflow in the parsing of malformed HTTP responses.
CVE-2013-6487
Yves Younan and Ryan Pentney discovered a buffer overflow when parsing Gadu-Gadu messages.
CVE-2013-6489
Yves Younan and Pawel Janic discovered an integer overflow when parsing MXit emoticons.
CVE-2013-6490
Yves Younan discovered a buffer overflow when parsing SIMPLE headers.
CVE-2014-0020
Daniel Atallah discovered that Pidgin could be crashed via malformed IRC arguments.
For the oldstable distribution (squeeze), no direct backport is provided. A fixed packages will be provided through backports.debian.org shortly
For the stable distribution (wheezy), these problems have been fixed in version 2.10.9-1~deb7u1.
For the unstable distribution (sid), these problems have been fixed in version 2.10.9-1.
We recommend that you upgrade your pidgin packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iEYEARECAAYFAlL5DAsACgkQXm3vHE4uylpHBACgi35NdKeWengFu5JzJ4NKkj0T w2MAni+6nXq2FQYjbUm+0k1QW5OrgtU+ =wmw4 -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/20140210173006.GA5808@pisco.westfalen.local
|
|
|
|