Ubuntu Security Notice 886-1 - It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler, enforce the "require TLS/SSL" setting when connecting to certain older Jabber servers, did not properly handle certain SLP invite messages in the MSN protocol handler, did not properly handle certain errors in the XMPP protocol handler, did not properly handle malformed contact-list data in the OSCAR protocol handler and did not properly handle custom smiley requests in the MSN protocol handler.
1937188a7228cf7d3965e317d6df8276fcbc3f19dd39e90885336e6ce8c82d07Mandriva Linux Security Advisory 2009-321 - Security vulnerabilities have been identified and fixed in pidgin. This update provides pidgin 2.6.2, which is not vulnerable to these issues.
7fa7a9e261705a1c8d79a87e1bd96c137a3fc7f7847a59247c6845386710d895Gentoo Linux Security Advisory 200910-2 - Multiple vulnerabilities have been discovered in Pidgin, leading to the remote execution of arbitrary code, unauthorized information disclosure, or Denial of Service. Versions less than 2.5.9-r1 are affected.
e779f111b1348b505f287d3b122922b47e53deed021d9b1d7f32a5e7bd682180Mandriva Linux Security Advisory 2009-173 - Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows.
2b59c2d42635d453fe9cfa37545cf630aad2deaed3ed8ca7ed76ad685147da46Mandriva Linux Security Advisory 2009-147 - Arbitrary code execution, denial of service, and overflows have been addressed in the latest Pidgin update.
ec905f205027ef8376505e10bea5d0b6bda25d681844581a211815ee219627b4Mandriva Linux Security Advisory 2009-140 - Multiple security vulnerabilities have been identified and fixed in gaim. These include integer and buffer overflows.
bde1a0669082b16d847d1bff535b714ea5b0668ec0d900ac0047e00a3076c148Zero Day Initiative Advisory 09-031 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution.
286f5573fcf8c6351e406eab363184ebc1f7e8a3742b6d01a9ca6c90a0e3992dUbuntu Security Notice USN-781-2 - It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.
959ae8eddaf8e4c73e6210d8d6f03aa37f29790fab59d7fbeb81aa87e655ad3aUbuntu Security Notice USN-781-1 - It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. It was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. It was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.
edcd25ea3a9efa771fd79ad6546263ae682ec7ea24fb292898ff40eeb7c0ca27Gentoo Linux Security Advisory GLSA 200905-07 - Multiple vulnerabilities in Pidgin might allow for the remote execution of arbitrary code or a Denial of Service. Versions less than 2.5.6 are affected.
256d008607e8ce04042b47a260060c410f5e6c429f1f4c3a80bb4141e839b483Debian Security Advisory 1805-1 - Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client.
cbce861a8fc059dce0e2e207159753b832372c40084d4da5642331a83f7f5a29
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed