Detections
Analytics
Debian DLA-542-1 : pidgin security update
high Nessus Plugin ID 91922
Language:
Synopsis
The remote Debian host is missing a security update.Description
Numerous security issues have been identified and fixed in Pidgin in Debian/Wheezy.CVE-2016-2365
MXIT Markup Command Denial of Service Vulnerability
CVE-2016-2366
MXIT Table Command Denial of Service Vulnerability
CVE-2016-2367
MXIT Avatar Length Memory Disclosure Vulnerability
CVE-2016-2368
MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities
CVE-2016-2369
MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability
CVE-2016-2370
MXIT Custom Resource Denial of Service Vulnerability
CVE-2016-2371
MXIT Extended Profiles Code Execution Vulnerability
CVE-2016-2372
MXIT File Transfer Length Memory Disclosure Vulnerability
CVE-2016-2373
MXIT Contact Mood Denial of Service Vulnerability
CVE-2016-2374
MXIT MultiMX Message Code Execution Vulnerability
CVE-2016-2375
MXIT Suggested Contacts Memory Disclosure Vulnerability
CVE-2016-2376
MXIT read stage 0x3 Code Execution Vulnerability
CVE-2016-2377
MXIT HTTP Content-Length Buffer Overflow Vulnerability
CVE-2016-2378
MXIT get_utf8_string Code Execution Vulnerability
CVE-2016-2380
MXIT mxit_convert_markup_tx Information Leak Vulnerability
CVE-2016-4323
MXIT Splash Image Arbitrary File Overwrite Vulnerability
For Debian 7 'Wheezy', these problems have been fixed in version 2.10.10-1~deb7u2.
We recommend that you upgrade your pidgin packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Upgrade the affected packages.See Also
https://lists.debian.org/debian-lts-announce/2016/07/msg00003.html
Plugin Details
Severity: High
ID: 91922
File Name: debian_DLA-542.nasl
Version: 2.13
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 7/5/2016
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 8.1
Temporal Score: 7.1
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:libpurple-bin, p-cpe:/a:debian:debian_linux:finch, p-cpe:/a:debian:debian_linux:libpurple-dev, p-cpe:/a:debian:debian_linux:pidgin-data, cpe:/o:debian:debian_linux:7.0, p-cpe:/a:debian:debian_linux:finch-dev, p-cpe:/a:debian:debian_linux:libpurple0, p-cpe:/a:debian:debian_linux:pidgin, p-cpe:/a:debian:debian_linux:pidgin-dev, p-cpe:/a:debian:debian_linux:pidgin-dbg
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 7/4/2016
Reference Information
CVE: CVE-2016-2365, CVE-2016-2366, CVE-2016-2367, CVE-2016-2368, CVE-2016-2369, CVE-2016-2370, CVE-2016-2371, CVE-2016-2372, CVE-2016-2373, CVE-2016-2374, CVE-2016-2375, CVE-2016-2376, CVE-2016-2377, CVE-2016-2378, CVE-2016-2380, CVE-2016-4323