openSUSE Security Update : finch (finch-1625)

medium Nessus Plugin ID 43052

Synopsis

The remote openSUSE host is missing a security update.

Description

This update of pidgin fixes the following issues :

- CVE-2009-3026: CVSS v2 Base Score: 5.0 Allowed to send confidential data unencrypted even if SSL was chosen by user.

- CVE-2009-3025: CVSS v2 Base Score: 4.3 Remote denial of service in yahoo IM plug-in.

- CVE-2009-3083: CVSS v2 Base Score: 5.0 Remote denial of service in MSN plug-in.

- CVE-2009-3084: CVSS v2 Base Score: 5.0 Remote denial of service in MSN plug-in.

- CVE-2009-3085: CVSS v2 Base Score: 5.0 Remote denial of service in XMPP plug-in.

- CVE-2009-3615: CVSS v2 Base Score: 5.0 Remote denial of service in ICQ plug-in.

- QQ protocol upgrade Migrate all QQ accounts to QQ2008.

Solution

Update the affected finch packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=535570

https://bugzilla.novell.com/show_bug.cgi?id=535832

https://bugzilla.novell.com/show_bug.cgi?id=536602

https://bugzilla.novell.com/show_bug.cgi?id=548072

Plugin Details

Severity: Medium

ID: 43052

File Name: suse_11_1_finch-081203.nasl

Version: 1.10

Type: local

Agent: unix

Published: 12/8/2009

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libpurple-mono, p-cpe:/a:novell:opensuse:gstreamer-0_10-lang, p-cpe:/a:novell:opensuse:desktop-file-utils, p-cpe:/a:novell:opensuse:fam-32bit, p-cpe:/a:novell:opensuse:libogg0, p-cpe:/a:novell:opensuse:pidgin, p-cpe:/a:novell:opensuse:liboil, p-cpe:/a:novell:opensuse:gstreamer-0_10-32bit, p-cpe:/a:novell:opensuse:gstreamer-0_10, p-cpe:/a:novell:opensuse:libpurple-lang, p-cpe:/a:novell:opensuse:finch-devel, p-cpe:/a:novell:opensuse:libvorbis-32bit, p-cpe:/a:novell:opensuse:cdparanoia-32bit, p-cpe:/a:novell:opensuse:check-32bit, p-cpe:/a:novell:opensuse:check, p-cpe:/a:novell:opensuse:liboil-32bit, p-cpe:/a:novell:opensuse:libgstreamer-0_10-0-32bit, p-cpe:/a:novell:opensuse:libpurple-meanwhile, p-cpe:/a:novell:opensuse:pidgin-devel, p-cpe:/a:novell:opensuse:gnome-vfs2-lang, p-cpe:/a:novell:opensuse:libvisual, p-cpe:/a:novell:opensuse:cdparanoia, p-cpe:/a:novell:opensuse:libtheora0, p-cpe:/a:novell:opensuse:libgstreamer-0_10-0, p-cpe:/a:novell:opensuse:libogg0-32bit, cpe:/o:novell:opensuse:11.1, p-cpe:/a:novell:opensuse:fam, p-cpe:/a:novell:opensuse:gnome-vfs2-32bit, p-cpe:/a:novell:opensuse:libpurple, p-cpe:/a:novell:opensuse:libtheora0-32bit, p-cpe:/a:novell:opensuse:libpurple-devel, p-cpe:/a:novell:opensuse:libvisual-32bit, p-cpe:/a:novell:opensuse:libvorbis, p-cpe:/a:novell:opensuse:gnome-vfs2, p-cpe:/a:novell:opensuse:finch, p-cpe:/a:novell:opensuse:pidgin-otr

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 12/3/2008

Reference Information

CVE: CVE-2009-3025, CVE-2009-3026, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085, CVE-2009-3615

CWE: 119, 20, 310, 399