Executive Summary
Summary | |
---|---|
Title | pidgin security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2008:1023 | First vendor Publication | 2008-12-15 |
Vendor | RedHat | Last vendor Modification | 2008-12-15 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated Pidgin packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 3. Description: Pidgin is a multi-protocol Internet Messaging client. A denial-of-service flaw was found in Pidgin's MSN protocol handler. If a remote user was able to send, and the Pidgin user accepted, a carefully-crafted file request, it could result in Pidgin crashing. (CVE-2008-2955) A denial-of-service flaw was found in Pidgin's Universal Plug and Play (UPnP) request handling. A malicious UPnP server could send a request to Pidgin, causing it to download an excessive amount of data, consuming all available memory or disk space. (CVE-2008-2957) A flaw was found in the way Pidgin handled SSL certificates. The NSS SSL implementation in Pidgin did not properly verify the authenticity of SSL certificates. This could have resulted in users unknowingly connecting to a malicious SSL service. (CVE-2008-3532) In addition, this update upgrades pidgin from version 2.3.1 to version 2.5.2, with many additional stability and functionality fixes from the Pidgin Project. Note: the Secure Internet Live Conferencing (SILC) chat network protocol has recently changed, affecting all versions of pidgin shipped with Red Hat Enterprise Linux. Pidgin cannot currently connect to the latest version of the SILC server (1.1.14): it fails to properly exchange keys during initial login. This update does not correct this. Red Hat Bugzilla #474212 (linked to in the References section) has more information. Note: after the errata packages are installed, Pidgin must be restarted for the update to take effect. All Pidgin users should upgrade to these updated packages, which contains Pidgin version 2.5.2 and resolves these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/pidgin-2.5.2-6.el4.src.rpm i386: finch-2.5.2-6.el4.i386.rpm finch-devel-2.5.2-6.el4.i386.rpm libpurple-2.5.2-6.el4.i386.rpm libpurple-devel-2.5.2-6.el4.i386.rpm libpurple-perl-2.5.2-6.el4.i386.rpm libpurple-tcl-2.5.2-6.el4.i386.rpm pidgin-2.5.2-6.el4.i386.rpm pidgin-debuginfo-2.5.2-6.el4.i386.rpm pidgin-devel-2.5.2-6.el4.i386.rpm pidgin-perl-2.5.2-6.el4.i386.rpm ia64: finch-2.5.2-6.el4.ia64.rpm finch-devel-2.5.2-6.el4.ia64.rpm libpurple-2.5.2-6.el4.ia64.rpm libpurple-devel-2.5.2-6.el4.ia64.rpm libpurple-perl-2.5.2-6.el4.ia64.rpm libpurple-tcl-2.5.2-6.el4.ia64.rpm pidgin-2.5.2-6.el4.ia64.rpm pidgin-debuginfo-2.5.2-6.el4.ia64.rpm pidgin-devel-2.5.2-6.el4.ia64.rpm pidgin-perl-2.5.2-6.el4.ia64.rpm ppc: finch-2.5.2-6.el4.ppc.rpm finch-devel-2.5.2-6.el4.ppc.rpm libpurple-2.5.2-6.el4.ppc.rpm libpurple-devel-2.5.2-6.el4.ppc.rpm libpurple-perl-2.5.2-6.el4.ppc.rpm libpurple-tcl-2.5.2-6.el4.ppc.rpm pidgin-2.5.2-6.el4.ppc.rpm pidgin-debuginfo-2.5.2-6.el4.ppc.rpm pidgin-devel-2.5.2-6.el4.ppc.rpm pidgin-perl-2.5.2-6.el4.ppc.rpm x86_64: finch-2.5.2-6.el4.x86_64.rpm finch-devel-2.5.2-6.el4.x86_64.rpm libpurple-2.5.2-6.el4.x86_64.rpm libpurple-devel-2.5.2-6.el4.x86_64.rpm libpurple-perl-2.5.2-6.el4.x86_64.rpm libpurple-tcl-2.5.2-6.el4.x86_64.rpm pidgin-2.5.2-6.el4.x86_64.rpm pidgin-debuginfo-2.5.2-6.el4.x86_64.rpm pidgin-devel-2.5.2-6.el4.x86_64.rpm pidgin-perl-2.5.2-6.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/pidgin-2.5.2-6.el4.src.rpm i386: finch-2.5.2-6.el4.i386.rpm finch-devel-2.5.2-6.el4.i386.rpm libpurple-2.5.2-6.el4.i386.rpm libpurple-devel-2.5.2-6.el4.i386.rpm libpurple-perl-2.5.2-6.el4.i386.rpm libpurple-tcl-2.5.2-6.el4.i386.rpm pidgin-2.5.2-6.el4.i386.rpm pidgin-debuginfo-2.5.2-6.el4.i386.rpm pidgin-devel-2.5.2-6.el4.i386.rpm pidgin-perl-2.5.2-6.el4.i386.rpm x86_64: finch-2.5.2-6.el4.x86_64.rpm finch-devel-2.5.2-6.el4.x86_64.rpm libpurple-2.5.2-6.el4.x86_64.rpm libpurple-devel-2.5.2-6.el4.x86_64.rpm libpurple-perl-2.5.2-6.el4.x86_64.rpm libpurple-tcl-2.5.2-6.el4.x86_64.rpm pidgin-2.5.2-6.el4.x86_64.rpm pidgin-debuginfo-2.5.2-6.el4.x86_64.rpm pidgin-devel-2.5.2-6.el4.x86_64.rpm pidgin-perl-2.5.2-6.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/pidgin-2.5.2-6.el4.src.rpm i386: finch-2.5.2-6.el4.i386.rpm finch-devel-2.5.2-6.el4.i386.rpm libpurple-2.5.2-6.el4.i386.rpm libpurple-devel-2.5.2-6.el4.i386.rpm libpurple-perl-2.5.2-6.el4.i386.rpm libpurple-tcl-2.5.2-6.el4.i386.rpm pidgin-2.5.2-6.el4.i386.rpm pidgin-debuginfo-2.5.2-6.el4.i386.rpm pidgin-devel-2.5.2-6.el4.i386.rpm pidgin-perl-2.5.2-6.el4.i386.rpm ia64: finch-2.5.2-6.el4.ia64.rpm finch-devel-2.5.2-6.el4.ia64.rpm libpurple-2.5.2-6.el4.ia64.rpm libpurple-devel-2.5.2-6.el4.ia64.rpm libpurple-perl-2.5.2-6.el4.ia64.rpm libpurple-tcl-2.5.2-6.el4.ia64.rpm pidgin-2.5.2-6.el4.ia64.rpm pidgin-debuginfo-2.5.2-6.el4.ia64.rpm pidgin-devel-2.5.2-6.el4.ia64.rpm pidgin-perl-2.5.2-6.el4.ia64.rpm x86_64: finch-2.5.2-6.el4.x86_64.rpm finch-devel-2.5.2-6.el4.x86_64.rpm libpurple-2.5.2-6.el4.x86_64.rpm libpurple-devel-2.5.2-6.el4.x86_64.rpm libpurple-perl-2.5.2-6.el4.x86_64.rpm libpurple-tcl-2.5.2-6.el4.x86_64.rpm pidgin-2.5.2-6.el4.x86_64.rpm pidgin-debuginfo-2.5.2-6.el4.x86_64.rpm pidgin-devel-2.5.2-6.el4.x86_64.rpm pidgin-perl-2.5.2-6.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/pidgin-2.5.2-6.el4.src.rpm i386: finch-2.5.2-6.el4.i386.rpm finch-devel-2.5.2-6.el4.i386.rpm libpurple-2.5.2-6.el4.i386.rpm libpurple-devel-2.5.2-6.el4.i386.rpm libpurple-perl-2.5.2-6.el4.i386.rpm libpurple-tcl-2.5.2-6.el4.i386.rpm pidgin-2.5.2-6.el4.i386.rpm pidgin-debuginfo-2.5.2-6.el4.i386.rpm pidgin-devel-2.5.2-6.el4.i386.rpm pidgin-perl-2.5.2-6.el4.i386.rpm ia64: finch-2.5.2-6.el4.ia64.rpm finch-devel-2.5.2-6.el4.ia64.rpm libpurple-2.5.2-6.el4.ia64.rpm libpurple-devel-2.5.2-6.el4.ia64.rpm libpurple-perl-2.5.2-6.el4.ia64.rpm libpurple-tcl-2.5.2-6.el4.ia64.rpm pidgin-2.5.2-6.el4.ia64.rpm pidgin-debuginfo-2.5.2-6.el4.ia64.rpm pidgin-devel-2.5.2-6.el4.ia64.rpm pidgin-perl-2.5.2-6.el4.ia64.rpm x86_64: finch-2.5.2-6.el4.x86_64.rpm finch-devel-2.5.2-6.el4.x86_64.rpm libpurple-2.5.2-6.el4.x86_64.rpm libpurple-devel-2.5.2-6.el4.x86_64.rpm libpurple-perl-2.5.2-6.el4.x86_64.rpm libpurple-tcl-2.5.2-6.el4.x86_64.rpm pidgin-2.5.2-6.el4.x86_64.rpm pidgin-debuginfo-2.5.2-6.el4.x86_64.rpm pidgin-devel-2.5.2-6.el4.x86_64.rpm pidgin-perl-2.5.2-6.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pidgin-2.5.2-6.el5.src.rpm i386: finch-2.5.2-6.el5.i386.rpm libpurple-2.5.2-6.el5.i386.rpm libpurple-perl-2.5.2-6.el5.i386.rpm libpurple-tcl-2.5.2-6.el5.i386.rpm pidgin-2.5.2-6.el5.i386.rpm pidgin-debuginfo-2.5.2-6.el5.i386.rpm pidgin-perl-2.5.2-6.el5.i386.rpm x86_64: finch-2.5.2-6.el5.i386.rpm finch-2.5.2-6.el5.x86_64.rpm libpurple-2.5.2-6.el5.i386.rpm libpurple-2.5.2-6.el5.x86_64.rpm libpurple-perl-2.5.2-6.el5.x86_64.rpm libpurple-tcl-2.5.2-6.el5.x86_64.rpm pidgin-2.5.2-6.el5.i386.rpm pidgin-2.5.2-6.el5.x86_64.rpm pidgin-debuginfo-2.5.2-6.el5.i386.rpm pidgin-debuginfo-2.5.2-6.el5.x86_64.rpm pidgin-perl-2.5.2-6.el5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/pidgin-2.5.2-6.el5.src.rpm i386: finch-devel-2.5.2-6.el5.i386.rpm libpurple-devel-2.5.2-6.el5.i386.rpm pidgin-debuginfo-2.5.2-6.el5.i386.rpm pidgin-devel-2.5.2-6.el5.i386.rpm x86_64: finch-devel-2.5.2-6.el5.i386.rpm finch-devel-2.5.2-6.el5.x86_64.rpm libpurple-devel-2.5.2-6.el5.i386.rpm libpurple-devel-2.5.2-6.el5.x86_64.rpm pidgin-debuginfo-2.5.2-6.el5.i386.rpm pidgin-debuginfo-2.5.2-6.el5.x86_64.rpm pidgin-devel-2.5.2-6.el5.i386.rpm pidgin-devel-2.5.2-6.el5.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/pidgin-2.5.2-6.el5.src.rpm i386: finch-2.5.2-6.el5.i386.rpm finch-devel-2.5.2-6.el5.i386.rpm libpurple-2.5.2-6.el5.i386.rpm libpurple-devel-2.5.2-6.el5.i386.rpm libpurple-perl-2.5.2-6.el5.i386.rpm libpurple-tcl-2.5.2-6.el5.i386.rpm pidgin-2.5.2-6.el5.i386.rpm pidgin-debuginfo-2.5.2-6.el5.i386.rpm pidgin-devel-2.5.2-6.el5.i386.rpm pidgin-perl-2.5.2-6.el5.i386.rpm x86_64: finch-2.5.2-6.el5.i386.rpm finch-2.5.2-6.el5.x86_64.rpm finch-devel-2.5.2-6.el5.i386.rpm finch-devel-2.5.2-6.el5.x86_64.rpm libpurple-2.5.2-6.el5.i386.rpm libpurple-2.5.2-6.el5.x86_64.rpm libpurple-devel-2.5.2-6.el5.i386.rpm libpurple-devel-2.5.2-6.el5.x86_64.rpm libpurple-perl-2.5.2-6.el5.x86_64.rpm libpurple-tcl-2.5.2-6.el5.x86_64.rpm pidgin-2.5.2-6.el5.i386.rpm pidgin-2.5.2-6.el5.x86_64.rpm pidgin-debuginfo-2.5.2-6.el5.i386.rpm pidgin-debuginfo-2.5.2-6.el5.x86_64.rpm pidgin-devel-2.5.2-6.el5.i386.rpm pidgin-devel-2.5.2-6.el5.x86_64.rpm pidgin-perl-2.5.2-6.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2008-1023.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-20 | Improper Input Validation |
33 % | CWE-310 | Cryptographic Issues |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10131 | |||
Oval ID: | oval:org.mitre.oval:def:10131 | ||
Title: | Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. | ||
Description: | Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2955 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10979 | |||
Oval ID: | oval:org.mitre.oval:def:10979 | ||
Title: | The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. | ||
Description: | The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3532 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17599 | |||
Oval ID: | oval:org.mitre.oval:def:17599 | ||
Title: | The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL | ||
Description: | The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2957 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Pidgin |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17826 | |||
Oval ID: | oval:org.mitre.oval:def:17826 | ||
Title: | USN-675-1 -- pidgin vulnerabilities | ||
Description: | It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-675-1 CVE-2008-2927 CVE-2008-2955 CVE-2008-2957 CVE-2008-3532 | Version: | 5 |
Platform(s): | Ubuntu 7.10 Ubuntu 8.04 | Product(s): | pidgin |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18050 | |||
Oval ID: | oval:org.mitre.oval:def:18050 | ||
Title: | Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function | ||
Description: | Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2955 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Pidgin |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18327 | |||
Oval ID: | oval:org.mitre.oval:def:18327 | ||
Title: | The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service | ||
Description: | The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3532 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Pidgin |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29210 | |||
Oval ID: | oval:org.mitre.oval:def:29210 | ||
Title: | RHSA-2008:1023 -- pidgin security and bug fix update (Moderate) | ||
Description: | Updated Pidgin packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is a multi-protocol Internet Messaging client. A denial-of-service flaw was found in Pidgin's MSN protocol handler. If a remote user was able to send, and the Pidgin user accepted, a carefully-crafted file request, it could result in Pidgin crashing. (CVE-2008-2955) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:1023 CESA-2008:1023-CentOS 5 CVE-2008-2955 CVE-2008-2957 CVE-2008-3532 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | pidgin |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9076 | |||
Oval ID: | oval:org.mitre.oval:def:9076 | ||
Title: | The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. | ||
Description: | The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2957 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2010-01-20 | Name : Ubuntu Update for pidgin vulnerabilities USN-886-1 File : nvt/gb_ubuntu_USN_886_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:321 (pidgin) File : nvt/mdksa_2009_321.nasl |
2009-03-23 | Name : Ubuntu Update for pidgin vulnerabilities USN-675-1 File : nvt/gb_ubuntu_USN_675_1.nasl |
2009-03-06 | Name : RedHat Update for pidgin RHSA-2008:1023-01 File : nvt/gb_RHSA-2008_1023-01_pidgin.nasl |
2009-02-27 | Name : CentOS Update for finch CESA-2008:1023 centos4 i386 File : nvt/gb_CESA-2008_1023_finch_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for finch CESA-2008:1023 centos4 x86_64 File : nvt/gb_CESA-2008_1023_finch_centos4_x86_64.nasl |
2009-01-26 | Name : Gentoo Security Advisory GLSA 200901-13 (pidgin) File : nvt/glsa_200901_13.nasl |
2009-01-26 | Name : Mandrake Security Advisory MDVSA-2009:025 (pidgin) File : nvt/mdksa_2009_025.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
47583 | Pidgin libpurple NSS Plugin SSL Certificate Verification Failure |
47008 | Pidgin UPnP Functionality Crafted UDP Packet Arbitrary File Download |
46576 | Pidgin MSN File Transfer msn_slplink_process_msg Function Crafted Filename Re... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-1023.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081215_pidgin_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_finch-5573.nasl - Type : ACT_GATHER_INFO |
2010-01-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-886-1.nasl - Type : ACT_GATHER_INFO |
2009-12-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-321.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_finch-080903.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-025.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-675-1.nasl - Type : ACT_GATHER_INFO |
2009-01-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200901-13.nasl - Type : ACT_GATHER_INFO |
2008-12-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-1023.nasl - Type : ACT_GATHER_INFO |
2008-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-1023.nasl - Type : ACT_GATHER_INFO |
2008-09-14 | Name : The remote openSUSE host is missing a security update. File : suse_finch-5592.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:07 |
|