Debian DSA-3055-1 : pidgin - security update

medium Nessus Plugin ID 78659

Synopsis

The remote Debian host is missing a security-related update.

Description

Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client:

- CVE-2014-3694: It was discovered that the SSL/TLS plugins failed to validate the basic constraints extension in intermediate CA certificates.

- CVE-2014-3695: Yves Younan and Richard Johnson discovered that emoticons with overly large length values could crash Pidgin.

- CVE-2014-3696: Yves Younan and Richard Johnson discovered that malformed Groupwise messages could crash Pidgin.

- CVE-2014-3698: Thijs Alkemade and Paul Aurich discovered that malformed XMPP messages could result in memory disclosure.

Solution

Upgrade the pidgin packages.

For the stable distribution (wheezy), these problems have been fixed in version 2.10.10-1~deb7u1.

See Also

https://security-tracker.debian.org/tracker/CVE-2014-3694

https://security-tracker.debian.org/tracker/CVE-2014-3695

https://security-tracker.debian.org/tracker/CVE-2014-3696

https://security-tracker.debian.org/tracker/CVE-2014-3698

https://packages.debian.org/source/wheezy/pidgin

https://www.debian.org/security/2014/dsa-3055

Plugin Details

Severity: Medium

ID: 78659

File Name: debian_DSA-3055.nasl

Version: 1.9

Type: local

Agent: unix

Published: 10/24/2014

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:pidgin, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 10/23/2014

Reference Information

CVE: CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3698

BID: 70701, 70702, 70703, 70705

DSA: 3055