SuSE 11 Security Update : pidgin (SAT Patch Number 1604)

medium Nessus Plugin ID 42989

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

This update of pidgin fixes the following issues :

- Allowed to send confidential data unencrypted even if SSL was chosen by user. (CVE-2009-3026: CVSS v2 Base Score: 5.0)

- Remote denial of service in yahoo IM plug-in.
(CVE-2009-3025: CVSS v2 Base Score: 4.3)

- Remote denial of service in MSN plug-in. (CVE-2009-3083:
CVSS v2 Base Score: 5.0)

- Remote denial of service in MSN plug-in. (CVE-2009-3084:
CVSS v2 Base Score: 5.0)

- Remote denial of service in XMPP plug-in.
(CVE-2009-3085: CVSS v2 Base Score: 5.0)

- Remote denial of service in ICQ plug-in. (CVE-2009-3615:
CVSS v2 Base Score: 5.0)

Solution

Apply SAT patch number 1604.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=535570

https://bugzilla.novell.com/show_bug.cgi?id=535832

https://bugzilla.novell.com/show_bug.cgi?id=536602

https://bugzilla.novell.com/show_bug.cgi?id=548072

http://support.novell.com/security/cve/CVE-2009-3025.html

http://support.novell.com/security/cve/CVE-2009-3026.html

http://support.novell.com/security/cve/CVE-2009-3083.html

http://support.novell.com/security/cve/CVE-2009-3084.html

http://support.novell.com/security/cve/CVE-2009-3085.html

http://support.novell.com/security/cve/CVE-2009-3615.html

Plugin Details

Severity: Medium

ID: 42989

File Name: suse_11_finch-090221.nasl

Version: 1.12

Type: local

Agent: unix

Published: 12/3/2009

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:finch, p-cpe:/a:novell:suse_linux:11:gnome-vfs2-32bit, p-cpe:/a:novell:suse_linux:11:cdparanoia-32bit, p-cpe:/a:novell:suse_linux:11:fam, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:libpurple, p-cpe:/a:novell:suse_linux:11:libogg0-32bit, p-cpe:/a:novell:suse_linux:11:pidgin, p-cpe:/a:novell:suse_linux:11:gstreamer-0_10, p-cpe:/a:novell:suse_linux:11:libpurple-lang, p-cpe:/a:novell:suse_linux:11:gnome-vfs2, p-cpe:/a:novell:suse_linux:11:liboil-32bit, p-cpe:/a:novell:suse_linux:11:gstreamer-0_10-32bit, p-cpe:/a:novell:suse_linux:11:cdparanoia, p-cpe:/a:novell:suse_linux:11:desktop-file-utils, p-cpe:/a:novell:suse_linux:11:pidgin-otr, p-cpe:/a:novell:suse_linux:11:fam-32bit, p-cpe:/a:novell:suse_linux:11:libogg0, p-cpe:/a:novell:suse_linux:11:liboil

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2/21/2009

Reference Information

CVE: CVE-2009-3025, CVE-2009-3026, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085, CVE-2009-3615

CWE: 119, 20, 310, 399