Test ID:	1.3.6.1.4.1.25623.1.0.69187
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2010:0890
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2010:0890. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidgin user was using the Yahoo! Messenger Protocol, MSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol plug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for authentication. (CVE-2010-3711) Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Daniel Atallah as the original reporter. All Pidgin users should upgrade to these updated packages, which contain a backported patch to resolve these issues. Pidgin must be restarted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0890.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 4.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3711 1024623 http://securitytracker.com/id?1024623 41893 http://secunia.com/advisories/41893 41899 http://secunia.com/advisories/41899 42075 http://secunia.com/advisories/42075 42294 http://secunia.com/advisories/42294 44283 http://www.securityfocus.com/bid/44283 68773 http://www.osvdb.org/68773 ADV-2010-2753 http://www.vupen.com/english/advisories/2010/2753 ADV-2010-2754 http://www.vupen.com/english/advisories/2010/2754 ADV-2010-2755 http://www.vupen.com/english/advisories/2010/2755 ADV-2010-2847 http://www.vupen.com/english/advisories/2010/2847 ADV-2010-2851 http://www.vupen.com/english/advisories/2010/2851 ADV-2010-2870 http://www.vupen.com/english/advisories/2010/2870 FEDORA-2010-16629 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050227.html FEDORA-2010-16876 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050133.html FEDORA-2010-17130 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html MDVSA-2010:208 http://www.mandriva.com/security/advisories?name=MDVSA-2010:208 RHSA-2010:0788 http://www.redhat.com/support/errata/RHSA-2010-0788.html RHSA-2010:0890 http://www.redhat.com/support/errata/RHSA-2010-0890.html SSA:2010-305-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462352 USN-1014-1 http://www.ubuntu.com/usn/USN-1014-1 http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc http://pidgin.im/news/security/?id=48 https://bugzilla.redhat.com/show_bug.cgi?id=641921 oval:org.mitre.oval:def:18506 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18506 pidgin-purplebase64decode-dos(62708) https://exchange.xforce.ibmcloud.com/vulnerabilities/62708
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.