Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-2390-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.842015

Category: Ubuntu Local Security Checks

Title: Ubuntu: Security Advisory (USN-2390-1)

Summary: The remote host is missing an update for the 'pidgin' package(s) announced via the USN-2390-1 advisory.

Description: Summary:
The remote host is missing an update for the 'pidgin' package(s) announced via the USN-2390-1 advisory.

Vulnerability Insight:
Jacob Appelbaum and an anonymous person discovered that Pidgin incorrectly
handled certificate validation. A remote attacker could exploit this to
perform a machine-in-the-middle attack to view sensitive information or alter
encrypted communications. (CVE-2014-3694)

Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled
certain malformed MXit emoticons. A malicious remote server or a
machine-in-the-middle could use this issue to cause Pidgin to crash,
resulting in a denial of service. (CVE-2014-3695)

Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled
certain malformed Groupwise messages. A malicious remote server or a
machine-in-the-middle could use this issue to cause Pidgin to crash,
resulting in a denial of service. (CVE-2014-3696)

Thijs Alkemade and Paul Aurich discovered that Pidgin incorrectly handled
memory when processing XMPP messages. A malicious remote server or user
could use this issue to cause Pidgin to disclosure arbitrary memory,
resulting in an information leak. (CVE-2014-3698)

Affected Software/OS:
'pidgin' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 14.10.

Solution:
Please install the updated package(s).

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-3694
Debian Security Information: DSA-3055 (Google Search)
http://www.debian.org/security/2014/dsa-3055
RedHat Security Advisories: RHSA-2017:1854
https://access.redhat.com/errata/RHSA-2017:1854
http://secunia.com/advisories/60741
http://secunia.com/advisories/61968
SuSE Security Announcement: openSUSE-SU-2014:1376 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html
SuSE Security Announcement: openSUSE-SU-2014:1397 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html
http://www.ubuntu.com/usn/USN-2390-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3695
Common Vulnerability Exposure (CVE) ID: CVE-2014-3696
Common Vulnerability Exposure (CVE) ID: CVE-2014-3698

Copyright Copyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.842015
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2390-1)
Summary:	The remote host is missing an update for the 'pidgin' package(s) announced via the USN-2390-1 advisory.
Description:	Summary: The remote host is missing an update for the 'pidgin' package(s) announced via the USN-2390-1 advisory. Vulnerability Insight: Jacob Appelbaum and an anonymous person discovered that Pidgin incorrectly handled certificate validation. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3694) Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled certain malformed MXit emoticons. A malicious remote server or a machine-in-the-middle could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2014-3695) Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled certain malformed Groupwise messages. A malicious remote server or a machine-in-the-middle could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2014-3696) Thijs Alkemade and Paul Aurich discovered that Pidgin incorrectly handled memory when processing XMPP messages. A malicious remote server or user could use this issue to cause Pidgin to disclosure arbitrary memory, resulting in an information leak. (CVE-2014-3698) Affected Software/OS: 'pidgin' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 14.10. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3694 Debian Security Information: DSA-3055 (Google Search) http://www.debian.org/security/2014/dsa-3055 RedHat Security Advisories: RHSA-2017:1854 https://access.redhat.com/errata/RHSA-2017:1854 http://secunia.com/advisories/60741 http://secunia.com/advisories/61968 SuSE Security Announcement: openSUSE-SU-2014:1376 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html SuSE Security Announcement: openSUSE-SU-2014:1397 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html http://www.ubuntu.com/usn/USN-2390-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3695 Common Vulnerability Exposure (CVE) ID: CVE-2014-3696 Common Vulnerability Exposure (CVE) ID: CVE-2014-3698
Copyright	Copyright (C) 2014 Greenbone AG