Slackware Local Security Checks : Slackware: Security Advisory (SSA:2009-231-02)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64769

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2009-231-02)

Resumen: The remote host is missing an update for the 'pidgin' package(s) announced via the SSA:2009-231-02 advisory.

Descripción: Summary:
The remote host is missing an update for the 'pidgin' package(s) announced via the SSA:2009-231-02 advisory.

Vulnerability Insight:
New pidgin packages are available for Slackware 12.0, 12.1, 12.2, and -current
to fix a security issue.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

[link moved to references]

Here are the details from the Slackware 12.2 ChangeLog:
+--------------------------+
patches/packages/pidgin-2.5.9-i486-1_slack12.2.tgz:
This update fixes a bug in Pidgin's MSN protocol implementation that can
allow a remote attacker to send a malicious MSN message to a Pidgin user,
which will possibly cause arbitrary code to be executed as that user.
This issue was discovered by Federico Muttis of Core Security Technologies.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'pidgin' package(s) on Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2694
Debian Security Information: DSA-1870 (Google Search)
http://www.debian.org/security/2009/dsa-1870
http://www.exploit-db.com/exploits/9615
http://www.coresecurity.com/content/libpurple-arbitrary-write
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320
RedHat Security Advisories: RHSA-2009:1218
https://rhn.redhat.com/errata/RHSA-2009-1218.html
http://secunia.com/advisories/36384
http://secunia.com/advisories/36392
http://secunia.com/advisories/36401
http://secunia.com/advisories/36402
http://secunia.com/advisories/36708
http://secunia.com/advisories/37071
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1
http://www.vupen.com/english/advisories/2009/2303
http://www.vupen.com/english/advisories/2009/2663

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64769
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2009-231-02)
Resumen:	The remote host is missing an update for the 'pidgin' package(s) announced via the SSA:2009-231-02 advisory.
Descripción:	Summary: The remote host is missing an update for the 'pidgin' package(s) announced via the SSA:2009-231-02 advisory. Vulnerability Insight: New pidgin packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix a security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [link moved to references] Here are the details from the Slackware 12.2 ChangeLog: +--------------------------+ patches/packages/pidgin-2.5.9-i486-1_slack12.2.tgz: This update fixes a bug in Pidgin's MSN protocol implementation that can allow a remote attacker to send a malicious MSN message to a Pidgin user, which will possibly cause arbitrary code to be executed as that user. This issue was discovered by Federico Muttis of Core Security Technologies. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'pidgin' package(s) on Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2694 Debian Security Information: DSA-1870 (Google Search) http://www.debian.org/security/2009/dsa-1870 http://www.exploit-db.com/exploits/9615 http://www.coresecurity.com/content/libpurple-arbitrary-write https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320 RedHat Security Advisories: RHSA-2009:1218 https://rhn.redhat.com/errata/RHSA-2009-1218.html http://secunia.com/advisories/36384 http://secunia.com/advisories/36392 http://secunia.com/advisories/36401 http://secunia.com/advisories/36402 http://secunia.com/advisories/36708 http://secunia.com/advisories/37071 http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1 http://www.vupen.com/english/advisories/2009/2303 http://www.vupen.com/english/advisories/2009/2663
Copyright	Copyright (C) 2012 Greenbone AG