Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0295)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2014.0295

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2014-0295)

Zusammenfassung: The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2014-0295 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2014-0295 advisory.

Vulnerability Insight:
Updated pidgin packages fix security vulnerability:

It was discovered that libgadu incorrectly handled certain messages from
file relay servers. A malicious remote server or a man in the middle could
use this issue to cause applications using libgadu to crash, resulting in a
denial of service, or possibly execute arbitrary code (CVE-2014-3775).

The pidgin package was built with a bundled copy of the libgadu library which
contained the vulnerable code. It has now been built against the external
libgadu library, which had been fixed in a previous update.

This update also fixes an issue with the Yahoo! protocol that was caused by a
bad interaction with the GnuTLS library.

Affected Software/OS:
'pidgin' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-3775
BugTraq ID: 67471
http://www.securityfocus.com/bid/67471
Debian Security Information: DSA-2935 (Google Search)
http://www.debian.org/security/2014/dsa-2935
https://security.gentoo.org/glsa/201508-02
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001171.html
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001180.html
http://www.openwall.com/lists/oss-security/2014/05/19/3
http://secunia.com/advisories/58668
http://secunia.com/advisories/58870
http://secunia.com/advisories/58871
http://www.ubuntu.com/usn/USN-2215-1
http://www.ubuntu.com/usn/USN-2216-1

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0295
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0295)
Zusammenfassung:	The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2014-0295 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2014-0295 advisory. Vulnerability Insight: Updated pidgin packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-3775). The pidgin package was built with a bundled copy of the libgadu library which contained the vulnerable code. It has now been built against the external libgadu library, which had been fixed in a previous update. This update also fixes an issue with the Yahoo! protocol that was caused by a bad interaction with the GnuTLS library. Affected Software/OS: 'pidgin' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3775 BugTraq ID: 67471 http://www.securityfocus.com/bid/67471 Debian Security Information: DSA-2935 (Google Search) http://www.debian.org/security/2014/dsa-2935 https://security.gentoo.org/glsa/201508-02 http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001171.html http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001180.html http://www.openwall.com/lists/oss-security/2014/05/19/3 http://secunia.com/advisories/58668 http://secunia.com/advisories/58870 http://secunia.com/advisories/58871 http://www.ubuntu.com/usn/USN-2215-1 http://www.ubuntu.com/usn/USN-2216-1
Copyright	Copyright (C) 2022 Greenbone AG