Description: | Description: The remote host is missing an update to pidgin announced via advisory USN-781-1.
Details follow:
It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373)
It was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. (CVE-2009-1374)
It was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. (CVE-2009-1375)
It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376)
Solution: The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.04 LTS: pidgin 1:2.4.1-1ubuntu2.4
Ubuntu 8.10: pidgin 1:2.5.2-0ubuntu1.2
Ubuntu 9.04: pidgin 1:2.5.5-1ubuntu8.1
After a standard system upgrade you need to restart Pidgin to effect the necessary changes.
http://www.securityspace.com/smysecure/catid.html?in=USN-781-1
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
|