English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.71993
Category:Mandrake Local Security Checks
Title:Mandriva Security Advisory MDVSA-2011:132-1 (pidgin)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to pidgin
announced via advisory MDVSA-2011:132-1.

Multiple vulnerabilities has been identified and fixed in pidgin:

It was found that the gdk-pixbuf GIF image loader routine
gdk_pixbuf__gif_image_load() did not properly handle certain return
values from its subroutines. A remote attacker could provide a
specially-crafted GIF image, which, once opened in Pidgin, would lead
gdk-pixbuf to return a partially initialized pixbuf structure. Using
this structure, possibly containing a huge width and height, could
lead to the application being terminated due to excessive memory use
(CVE-2011-2485).

Certain characters in the nicknames of IRC users can trigger a
null pointer dereference in the IRC protocol plugin'
s handling of
responses to WHO requests. This can cause a crash on some operating
systems. Clients based on libpurple 2.8.0 through 2.9.0 are affected
(CVE-2011-2943).

Incorrect handling of HTTP 100 responses in the MSN protocol plugin
can cause the application to attempt to access memory that it does
not have access to. This only affects users who have turned on the
HTTP connection method for their accounts (it'
s off by default). This
might only be triggerable by a malicious server and not a malicious
peer. We believe remote code execution is not possible (CVE-2011-3184).

This update provides pidgin 2.10.0, which is not vulnerable to
these issues.

Update:

Packages for Mandriva Linux 2011 is now being provided as well. Enjoy!

Affected: 2011.

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:132-1
http://pidgin.im/news/security/

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-2485
45656
http://secunia.com/advisories/45656
49715
http://secunia.com/advisories/49715
GLSA-201206-20
http://security.gentoo.org/glsa/glsa-201206-20.xml
http://ftp.gnome.org/pub/GNOME/sources/gdk-pixbuf/2.23/gdk-pixbuf-2.23.5.news
http://git.gnome.org/browse/gdk-pixbuf/commit/?id=f8569bb13e2aa1584dde61ca545144750f7a7c98
Common Vulnerability Exposure (CVE) ID: CVE-2011-2943
1025961
http://securitytracker.com/id?1025961
45663
http://secunia.com/advisories/45663
45916
http://secunia.com/advisories/45916
49268
http://www.securityfocus.com/bid/49268
[oss-security] 20110820 CVE request: Pidgin crash
http://www.openwall.com/lists/oss-security/2011/08/20/2
[oss-security] 20110822 Re: CVE request: Pidgin crash
http://www.openwall.com/lists/oss-security/2011/08/22/2
http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c
http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43
http://pidgin.im/news/security/?id=53
https://bugzilla.redhat.com/show_bug.cgi?id=722939
oval:org.mitre.oval:def:18005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005
pidgin-irc-protocol-dos(69340)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69340
Common Vulnerability Exposure (CVE) ID: CVE-2011-3184
FEDORA-2011-11544
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html
FEDORA-2011-11595
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html
http://www.openwall.com/lists/oss-security/2011/08/22/10
http://www.openwall.com/lists/oss-security/2011/08/22/12
http://www.openwall.com/lists/oss-security/2011/08/22/4
http://www.openwall.com/lists/oss-security/2011/08/22/7
http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c
http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1
http://pidgin.im/news/security/?id=54
https://bugzilla.redhat.com/show_bug.cgi?id=732405
oval:org.mitre.oval:def:18284
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18284
pidgin-msn-protocol-dos(69341)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69341
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.