Test ID:	1.3.6.1.4.1.25623.1.1.10.2017.0102
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2017-0102)
Summary:	The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2017-0102 advisory.
Description:	Summary: The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2017-0102 advisory. Vulnerability Insight: A server controlled by an attacker can send an invalid XML that can trigger an out-of-bound memory access. This might lead to a crash or, in some extreme cases, to remote code execution in the client-side (CVE-2017-2640). The pidgin package has been updated to version 2.12.0, which fixes this issue and other bugs, including certificate validation for the Google Talk protocol. It also removes protocol plugins for services that are no longer available or supported. See the upstream ChangeLog for details. Affected Software/OS: 'pidgin' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-2640 BugTraq ID: 96775 http://www.securityfocus.com/bid/96775 Debian Security Information: DSA-3806 (Google Search) https://www.debian.org/security/2017/dsa-3806 https://security.gentoo.org/glsa/201706-10 RedHat Security Advisories: RHSA-2017:1854 https://access.redhat.com/errata/RHSA-2017:1854
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.