Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0295)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0295

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0295)

Resumen: The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2014-0295 advisory.

Descripción: Summary:
The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2014-0295 advisory.

Vulnerability Insight:
Updated pidgin packages fix security vulnerability:

It was discovered that libgadu incorrectly handled certain messages from
file relay servers. A malicious remote server or a man in the middle could
use this issue to cause applications using libgadu to crash, resulting in a
denial of service, or possibly execute arbitrary code (CVE-2014-3775).

The pidgin package was built with a bundled copy of the libgadu library which
contained the vulnerable code. It has now been built against the external
libgadu library, which had been fixed in a previous update.

This update also fixes an issue with the Yahoo! protocol that was caused by a
bad interaction with the GnuTLS library.

Affected Software/OS:
'pidgin' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3775
BugTraq ID: 67471
http://www.securityfocus.com/bid/67471
Debian Security Information: DSA-2935 (Google Search)
http://www.debian.org/security/2014/dsa-2935
https://security.gentoo.org/glsa/201508-02
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001171.html
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001180.html
http://www.openwall.com/lists/oss-security/2014/05/19/3
http://secunia.com/advisories/58668
http://secunia.com/advisories/58870
http://secunia.com/advisories/58871
http://www.ubuntu.com/usn/USN-2215-1
http://www.ubuntu.com/usn/USN-2216-1

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0295
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0295)
Resumen:	The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2014-0295 advisory.
Descripción:	Summary: The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2014-0295 advisory. Vulnerability Insight: Updated pidgin packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-3775). The pidgin package was built with a bundled copy of the libgadu library which contained the vulnerable code. It has now been built against the external libgadu library, which had been fixed in a previous update. This update also fixes an issue with the Yahoo! protocol that was caused by a bad interaction with the GnuTLS library. Affected Software/OS: 'pidgin' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3775 BugTraq ID: 67471 http://www.securityfocus.com/bid/67471 Debian Security Information: DSA-2935 (Google Search) http://www.debian.org/security/2014/dsa-2935 https://security.gentoo.org/glsa/201508-02 http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001171.html http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001180.html http://www.openwall.com/lists/oss-security/2014/05/19/3 http://secunia.com/advisories/58668 http://secunia.com/advisories/58870 http://secunia.com/advisories/58871 http://www.ubuntu.com/usn/USN-2215-1 http://www.ubuntu.com/usn/USN-2216-1
Copyright	Copyright (C) 2022 Greenbone AG