6.8 - USN-1746-1

Executive Summary

Summary
Title	Pidgin vulnerabilities

Informations
Name	USN-1746-1	First vendor Publication	2013-02-25
Vendor	Ubuntu	Last vendor Modification	2013-02-25
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Pidgin.

Software Description: - pidgin: graphical multi-protocol instant messaging client for X

Details:

Chris Wysopal discovered that Pidgin incorrectly handled file transfers in the MXit protocol handler. A remote attacker could use this issue to create or overwrite arbitrary files. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-0271)

It was discovered that Pidgin incorrectly handled long HTTP headers in the MXit protocol handler. A malicious remote server could use this issue to execute arbitrary code. (CVE-2013-0272)

It was discovered that Pidgin incorrectly handled long user IDs in the Sametime protocol handler. A malicious remote server could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-0273)

It was discovered that Pidgin incorrectly handled long strings when processing UPnP responses. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-0274)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.10:
libpurple0 1:2.10.6-0ubuntu2.2
pidgin 1:2.10.6-0ubuntu2.2

Ubuntu 12.04 LTS:
libpurple0 1:2.10.3-0ubuntu1.3
pidgin 1:2.10.3-0ubuntu1.3

Ubuntu 11.10:
libpurple0 1:2.10.0-0ubuntu2.2
pidgin 1:2.10.0-0ubuntu2.2

Ubuntu 10.04 LTS:
libpurple0 1:2.6.6-1ubuntu4.6
pidgin 1:2.6.6-1ubuntu4.6

After a standard system update you need to restart Pidgin to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1746-1
CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274

Package Information:
https://launchpad.net/ubuntu/+source/pidgin/1:2.10.6-0ubuntu2.2
https://launchpad.net/ubuntu/+source/pidgin/1:2.10.3-0ubuntu1.3
https://launchpad.net/ubuntu/+source/pidgin/1:2.10.0-0ubuntu2.2
https://launchpad.net/ubuntu/+source/pidgin/1:2.6.6-1ubuntu4.6

Original Source

Url : http://www.ubuntu.com/usn/USN-1746-1

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17474

Oval ID:	oval:org.mitre.oval:def:17474
Title:	Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header
Description:	Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0272	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Pidgin
Definition Synopsis:
Pidgin is installed AND Version of Pidgin less than 2.10.7

Definition Id: oval:org.mitre.oval:def:18221

Oval ID:	oval:org.mitre.oval:def:18221
Title:	upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network
Description:	upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0274	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Pidgin
Definition Synopsis:
Pidgin is installed AND Version of Pidgin less than 2.10.7

Definition Id: oval:org.mitre.oval:def:18291

Oval ID:	oval:org.mitre.oval:def:18291
Title:	USN-1746-1 -- pidgin vulnerabilities
Description:	Several security issues were fixed in Pidgin.
Family:	unix	Class:	patch
Reference(s):	USN-1746-1 CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274	Version:	5
Platform(s):	Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04	Product(s):	pidgin
Definition Synopsis:
Release section Ubuntu 12.10 is installed Packages match section libpurple0 DPKG is earlier than 1:2.10.6-0ubuntu2.2 AND pidgin DPKG is earlier than 1:2.10.6-0ubuntu2.2 AND Release section Ubuntu 12.04 is installed Packages match section libpurple0 DPKG is earlier than 1:2.10.3-0ubuntu1.3 AND pidgin DPKG is earlier than 1:2.10.3-0ubuntu1.3 AND Release section Ubuntu 11.10 is installed Packages match section libpurple0 DPKG is earlier than 1:2.10.0-0ubuntu2.2 AND pidgin DPKG is earlier than 1:2.10.0-0ubuntu2.2 AND Release section Ubuntu 10.04 is installed Packages match section libpurple0 DPKG is earlier than 1:2.6.6-1ubuntu4.6 AND pidgin DPKG is earlier than 1:2.6.6-1ubuntu4.6

Definition Id: oval:org.mitre.oval:def:18340

Oval ID:	oval:org.mitre.oval:def:18340
Title:	sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet
Description:	sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0273	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Pidgin
Definition Synopsis:
Pidgin is installed AND Version of Pidgin less than 2.10.7

Definition Id: oval:org.mitre.oval:def:18386

Oval ID:	oval:org.mitre.oval:def:18386
Title:	The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname
Description:	The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2013-0271	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Pidgin
Definition Synopsis:
Pidgin is installed AND Version of Pidgin less than 2.10.7

Definition Id: oval:org.mitre.oval:def:21116

Oval ID:	oval:org.mitre.oval:def:21116
Title:	RHSA-2013:0646: pidgin security update (Moderate)
Description:	upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0646-01 CESA-2013:0646 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274	Version:	45
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6	Product(s):	pidgin
Definition Synopsis:
Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND CentOS Linux 6.x Packages section pidgin-perl is earlier than 0:2.7.9-10.el6_4.1 AND libpurple-tcl is earlier than 0:2.7.9-10.el6_4.1 AND pidgin-docs is earlier than 0:2.7.9-10.el6_4.1 AND libpurple is earlier than 0:2.7.9-10.el6_4.1 AND libpurple-perl is earlier than 0:2.7.9-10.el6_4.1 AND finch-devel is earlier than 0:2.7.9-10.el6_4.1 AND finch is earlier than 0:2.7.9-10.el6_4.1 AND libpurple-devel is earlier than 0:2.7.9-10.el6_4.1 AND pidgin-devel is earlier than 0:2.7.9-10.el6_4.1 AND pidgin is earlier than 0:2.7.9-10.el6_4.1 AND Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x Packages section libpurple-tcl is earlier than 0:2.6.6-17.el5_9.1 AND pidgin-perl is earlier than 0:2.6.6-17.el5_9.1 AND libpurple is earlier than 0:2.6.6-17.el5_9.1 AND libpurple-perl is earlier than 0:2.6.6-17.el5_9.1 AND finch-devel is earlier than 0:2.6.6-17.el5_9.1 AND finch is earlier than 0:2.6.6-17.el5_9.1 AND libpurple-devel is earlier than 0:2.6.6-17.el5_9.1 AND pidgin-devel is earlier than 0:2.6.6-17.el5_9.1 AND pidgin is earlier than 0:2.6.6-17.el5_9.1

Definition Id: oval:org.mitre.oval:def:23360

Oval ID:	oval:org.mitre.oval:def:23360
Title:	DEPRECATED: ELSA-2013:0646: pidgin security update (Moderate)
Description:	upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0646-01 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274	Version:	18
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	pidgin
Definition Synopsis:
rpm test Oracle Linux 6.x AND rpm test pidgin-perl is earlier than 0:2.7.9-10.el6_4.1 AND libpurple-tcl is earlier than 0:2.7.9-10.el6_4.1 AND pidgin-docs is earlier than 0:2.7.9-10.el6_4.1 AND libpurple is earlier than 0:2.7.9-10.el6_4.1 AND libpurple-perl is earlier than 0:2.7.9-10.el6_4.1 AND finch-devel is earlier than 0:2.7.9-10.el6_4.1 AND finch is earlier than 0:2.7.9-10.el6_4.1 AND libpurple-devel is earlier than 0:2.7.9-10.el6_4.1 AND pidgin-devel is earlier than 0:2.7.9-10.el6_4.1 AND pidgin is earlier than 0:2.7.9-10.el6_4.1 OR rpm test Oracle Linux 5.x AND rpm test libpurple-tcl is earlier than 0:2.6.6-17.el5_9.1 AND pidgin-perl is earlier than 0:2.6.6-17.el5_9.1 AND libpurple is earlier than 0:2.6.6-17.el5_9.1 AND libpurple-perl is earlier than 0:2.6.6-17.el5_9.1 AND finch-devel is earlier than 0:2.6.6-17.el5_9.1 AND finch is earlier than 0:2.6.6-17.el5_9.1 AND libpurple-devel is earlier than 0:2.6.6-17.el5_9.1 AND pidgin-devel is earlier than 0:2.6.6-17.el5_9.1 AND pidgin is earlier than 0:2.6.6-17.el5_9.1

Definition Id: oval:org.mitre.oval:def:24069

Oval ID:	oval:org.mitre.oval:def:24069
Title:	ELSA-2013:0646: pidgin security update (Moderate)
Description:	upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0646-01 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274	Version:	17
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	pidgin
Definition Synopsis:
rpm test Oracle Linux 6.x AND rpm test pidgin-perl is earlier than 0:2.7.9-10.el6_4.1 AND libpurple-tcl is earlier than 0:2.7.9-10.el6_4.1 AND pidgin-docs is earlier than 0:2.7.9-10.el6_4.1 AND libpurple is earlier than 0:2.7.9-10.el6_4.1 AND libpurple-perl is earlier than 0:2.7.9-10.el6_4.1 AND finch-devel is earlier than 0:2.7.9-10.el6_4.1 AND finch is earlier than 0:2.7.9-10.el6_4.1 AND libpurple-devel is earlier than 0:2.7.9-10.el6_4.1 AND pidgin-devel is earlier than 0:2.7.9-10.el6_4.1 AND pidgin is earlier than 0:2.7.9-10.el6_4.1 OR rpm test Oracle Linux 5.x AND rpm test libpurple-tcl is earlier than 0:2.6.6-17.el5_9.1 AND pidgin-perl is earlier than 0:2.6.6-17.el5_9.1 AND libpurple is earlier than 0:2.6.6-17.el5_9.1 AND libpurple-perl is earlier than 0:2.6.6-17.el5_9.1 AND finch-devel is earlier than 0:2.6.6-17.el5_9.1 AND finch is earlier than 0:2.6.6-17.el5_9.1 AND libpurple-devel is earlier than 0:2.6.6-17.el5_9.1 AND pidgin-devel is earlier than 0:2.6.6-17.el5_9.1 AND pidgin is earlier than 0:2.6.6-17.el5_9.1

Definition Id: oval:org.mitre.oval:def:25961

Oval ID:	oval:org.mitre.oval:def:25961
Title:	SUSE-SU-2013:0388-1 -- Security update for pidgin
Description:	idgin was updated to fix 4 security issues: * Fixed a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274, bnc#804742) * Fixed a crash in Sametime protocol when a malicious server sends us an abnormally long user ID. (CVE-2013-0273, bnc#804742) * Fixed a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution.(CVE-2013-0272, bnc#804742) * Fixed a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271, bnc#804742)
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0388-1 CVE-2013-0274 CVE-2013-0273 CVE-2013-0272 CVE-2013-0271	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 11 SUSE Linux Enterprise Desktop 10	Product(s):	pidgin
Definition Synopsis:
SUSE Linux Enterprise Desktop 11 release section SUSE Linux Enterprise Desktop 11.x is installed Packages match section finch RPM is earlier than 0:2.6.6-0.19.1 AND libpurple RPM is earlier than 0:2.6.6-0.19.1 AND libpurple-lang RPM is earlier than 0:2.6.6-0.19.1 AND libpurple-meanwhile RPM is earlier than 0:2.6.6-0.19.1 AND libpurple-tcl RPM is earlier than 0:2.6.6-0.19.1 AND pidgin RPM is earlier than 0:2.6.6-0.19.1 AND SUSE Linux Enterprise Desktop 10 release section SUSE Linux Enterprise Desktop 10 is installed Packages match section finch RPM is earlier than 0:2.6.6-0.20.1 AND libpurple RPM is earlier than 0:2.6.6-0.20.1 AND pidgin RPM is earlier than 0:2.6.6-0.20.1

Definition Id: oval:org.mitre.oval:def:27618

Oval ID:	oval:org.mitre.oval:def:27618
Title:	DEPRECATED: ELSA-2013-0646 -- pidgin security update (moderate)
Description:	[2.7.9-10.el6_4.1] - Fix spec file for disttag [2.7.9-10.el6] - Add patch for CVE-2013-0274 (RH bug #910653). [2.7.9-9.el6] - Add patch for CVE-2013-0273 (RH bug #910653). [2.7.9-8.el6] - Add patch for CVE-2013-0272 (RH bug #910653). [2.7.9-7.el6] - Add patch for CVE-2011-2485 (RH bug #837562). [2.7.9-6.el6] - Add patch for CVE-2012-1178 (RH bug #837560). - Add patch for CVE-2012-2318 (RH bug #837560). - Add patch for CVE-2012-3374 (RH bug #837560).
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0646 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	pidgin
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section pidgin is earlier than 0:2.6.6-17.el5_9.1 AND finch is earlier than 0:2.6.6-17.el5_9.1 AND finch-devel is earlier than 0:2.6.6-17.el5_9.1 AND libpurple is earlier than 0:2.6.6-17.el5_9.1 AND libpurple-devel is earlier than 0:2.6.6-17.el5_9.1 AND libpurple-perl is earlier than 0:2.6.6-17.el5_9.1 AND libpurple-tcl is earlier than 0:2.6.6-17.el5_9.1 AND pidgin-devel is earlier than 0:2.6.6-17.el5_9.1 AND pidgin-perl is earlier than 0:2.6.6-17.el5_9.1 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section pidgin is earlier than 0:2.7.9-10.el6_4.1 AND finch is earlier than 0:2.7.9-10.el6_4.1 AND finch-devel is earlier than 0:2.7.9-10.el6_4.1 AND libpurple is earlier than 0:2.7.9-10.el6_4.1 AND libpurple-devel is earlier than 0:2.7.9-10.el6_4.1 AND libpurple-perl is earlier than 0:2.7.9-10.el6_4.1 AND libpurple-tcl is earlier than 0:2.7.9-10.el6_4.1 AND pidgin-devel is earlier than 0:2.7.9-10.el6_4.1 AND pidgin-docs is earlier than 0:2.7.9-10.el6_4.1 AND pidgin-perl is earlier than 0:2.7.9-10.el6_4.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Pidgin cpe:2.3:a:pidgin:pidgin:2.9.0:::::::* cpe:2.3:a:pidgin:pidgin:2.8.0:::::::* cpe:2.3:a:pidgin:pidgin:2.7.9:::::::* cpe:2.3:a:pidgin:pidgin:2.7.8:::::::* cpe:2.3:a:pidgin:pidgin:2.7.7:::::::* cpe:2.3:a:pidgin:pidgin:2.7.6:::::::* cpe:2.3:a:pidgin:pidgin:2.7.5:::::::* cpe:2.3:a:pidgin:pidgin:2.7.4:::::::* cpe:2.3:a:pidgin:pidgin:2.7.3:::::::* cpe:2.3:a:pidgin:pidgin:2.7.2:::::::* cpe:2.3:a:pidgin:pidgin:2.7.11:::::::* cpe:2.3:a:pidgin:pidgin:2.7.10:::::::* cpe:2.3:a:pidgin:pidgin:2.7.1:::::::* cpe:2.3:a:pidgin:pidgin:2.7.0:::::::* cpe:2.3:a:pidgin:pidgin:2.6.6:::::::* cpe:2.3:a:pidgin:pidgin:2.6.5:::::::* cpe:2.3:a:pidgin:pidgin:2.6.4:::::::* cpe:2.3:a:pidgin:pidgin:2.6.3:::::::* cpe:2.3:a:pidgin:pidgin:2.6.2:::::::* cpe:2.3:a:pidgin:pidgin:2.6.1:::::::* cpe:2.3:a:pidgin:pidgin:2.6.0:::::::* cpe:2.3:a:pidgin:pidgin:2.5.9:::::::* cpe:2.3:a:pidgin:pidgin:2.5.8:::::::* cpe:2.3:a:pidgin:pidgin:2.5.7:::::::* cpe:2.3:a:pidgin:pidgin:2.5.6:::::::* cpe:2.3:a:pidgin:pidgin:2.5.5:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.5.5:::::::* cpe:2.3:a:pidgin:pidgin:2.5.4:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.5.4:::::::* cpe:2.3:a:pidgin:pidgin:2.5.3:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.5.3:::::::* cpe:2.3:a:pidgin:pidgin:2.5.2:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.5.2:::::::* cpe:2.3:a:pidgin:pidgin:2.5.1:::::::* cpe:2.3:a:pidgin:pidgin:2.5.0:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.5.0:::::::* cpe:2.3:a:pidgin:pidgin:2.4.3:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.4.3:::::::* cpe:2.3:a:pidgin:pidgin:2.4.2:::::::* cpe:2.3:a:pidgin:pidgin:2.4.2:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.4.1:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.4.1:::::::* cpe:2.3:a:pidgin:pidgin:2.4.0:::::::* cpe:2.3:a:pidgin:pidgin:2.4.0:32_bit:::::: cpe:2.3:a:pidgin:pidgin:2.3.1:::::::* cpe:2.3:a:pidgin:pidgin:2.3.0:::::::* cpe:2.3:a:pidgin:pidgin:2.2.2:::::::* cpe:2.3:a:pidgin:pidgin:2.2.1:::::::* cpe:2.3:a:pidgin:pidgin:2.2.0:::::::* cpe:2.3:a:pidgin:pidgin:2.10.6:::::::* cpe:2.3:a:pidgin:pidgin:2.10.5:::::::* cpe:2.3:a:pidgin:pidgin:2.10.4:::::::* cpe:2.3:a:pidgin:pidgin:2.10.3:::::::* cpe:2.3:a:pidgin:pidgin:2.10.2:::::::* cpe:2.3:a:pidgin:pidgin:2.10.1:::::::* cpe:2.3:a:pidgin:pidgin:2.10.0:::::::* cpe:2.3:a:pidgin:pidgin:2.1.1:::::::* cpe:2.3:a:pidgin:pidgin:2.1.0:::::::* cpe:2.3:a:pidgin:pidgin:2.0.2::linux::::: cpe:2.3:a:pidgin:pidgin:2.0.2:::::::* cpe:2.3:a:pidgin:pidgin:2.0.1:::::::* cpe:2.3:a:pidgin:pidgin:2.0.0:::::::* cpe:2.3:a:pidgin:pidgin:1.5.1:::::::* cpe:2.3:a:pidgin:pidgin:::::::: cpe:2.3:a:pidgin:pidgin:-:::::::*	65

Nessus® Vulnerability Scanner

Date	Description
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_pidgin_20140731.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-177.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-231.nasl - Type : ACT_GATHER_INFO
2014-05-19	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201405-22.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0646.nasl - Type : ACT_GATHER_INFO
2013-03-15	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0646.nasl - Type : ACT_GATHER_INFO
2013-03-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0646.nasl - Type : ACT_GATHER_INFO
2013-03-15	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130314_pidgin_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-03-11	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_549787c1891611e2854968b599b52a02.nasl - Type : ACT_GATHER_INFO
2013-03-05	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_finch-130227.nasl - Type : ACT_GATHER_INFO
2013-03-05	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_finch-8475.nasl - Type : ACT_GATHER_INFO
2013-02-26	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1746-1.nasl - Type : ACT_GATHER_INFO
2013-02-18	Name : An instant messaging client installed on the remote Windows host is affected ... File : pidgin_2_10_7.nasl - Type : ACT_GATHER_INFO
2013-02-14	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-044-01.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:01:36	Multiple Updates
2013-02-25 17:17:39	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	10
CPE ID(s)	65
Nessus® Exploit(s)	14

	Related
6.8	CVE-2013-0272
5	CVE-2013-0273
5	CVE-2013-0271
2.9	CVE-2013-0274
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 4 more Alert(s)

6.8 - USN-1746-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU