ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0102
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0102)
Resumen:	The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2017-0102 advisory.
Descripción:	Summary: The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2017-0102 advisory. Vulnerability Insight: A server controlled by an attacker can send an invalid XML that can trigger an out-of-bound memory access. This might lead to a crash or, in some extreme cases, to remote code execution in the client-side (CVE-2017-2640). The pidgin package has been updated to version 2.12.0, which fixes this issue and other bugs, including certificate validation for the Google Talk protocol. It also removes protocol plugins for services that are no longer available or supported. See the upstream ChangeLog for details. Affected Software/OS: 'pidgin' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-2640 BugTraq ID: 96775 http://www.securityfocus.com/bid/96775 Debian Security Information: DSA-3806 (Google Search) https://www.debian.org/security/2017/dsa-3806 https://security.gentoo.org/glsa/201706-10 RedHat Security Advisories: RHSA-2017:1854 https://access.redhat.com/errata/RHSA-2017:1854
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.