Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23033
HistoryJan 13, 2010 - 12:00 a.m.

[ MDVSA-2010:002 ] pidgin

2010-01-1300:00:00
vulners.com
10
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2010:002
http://www.mandriva.com/security/

Package : pidgin
Date : January 11, 2010
Affected: 2010.0

Problem Description:

A security vulnerability has been identified and fixed in pidgin:

Directory traversal vulnerability in slp.c in the MSN protocol
plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows
remote attackers to read arbitrary files via a … (dot dot) in an
application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request,
a related issue to CVE-2004-0122. NOTE: it could be argued that
this is resultant from a vulnerability in which an emoticon download
request is processed even without a preceding text/x-mms-emoticon
message that announced availability of the emoticon (CVE-2010-0013).

This update provides pidgin 2.6.5, which is not vulnerable to this
issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013
http://pidgin.im/news/security/

Updated Packages:

Mandriva Linux 2010.0:
0b141dc591a1677affc824e714c0bfa5 2010.0/i586/finch-2.6.5-0.1mdv2010.0.i586.rpm
3d851548d89644efdfb701ba90c468da 2010.0/i586/libfinch0-2.6.5-0.1mdv2010.0.i586.rpm
91a4b9783856ae2565c2cd3a9b27ebb6 2010.0/i586/libpurple0-2.6.5-0.1mdv2010.0.i586.rpm
a0c9e1a42b96b117822968b581869513 2010.0/i586/libpurple-devel-2.6.5-0.1mdv2010.0.i586.rpm
ec2f185f4aaf4a83fdd95d1ee5023c4c 2010.0/i586/pidgin-2.6.5-0.1mdv2010.0.i586.rpm
aefdd5492a98e1823ba0c7286b3558b9 2010.0/i586/pidgin-bonjour-2.6.5-0.1mdv2010.0.i586.rpm
92599926774c68178a399e8e6b680029 2010.0/i586/pidgin-client-2.6.5-0.1mdv2010.0.i586.rpm
1d213714f4d9da85fd0bac7e793aa0d5 2010.0/i586/pidgin-gevolution-2.6.5-0.1mdv2010.0.i586.rpm
a1e458dcd2c10987934208d9a18cd2b5 2010.0/i586/pidgin-i18n-2.6.5-0.1mdv2010.0.i586.rpm
afc26ed9b344e3d4317fd7e32b88fa88 2010.0/i586/pidgin-meanwhile-2.6.5-0.1mdv2010.0.i586.rpm
3233cfec46020dbff5ef6f6fa4a4025e 2010.0/i586/pidgin-mono-2.6.5-0.1mdv2010.0.i586.rpm
48a5641b1104620aba0e2cbfa65a101f 2010.0/i586/pidgin-perl-2.6.5-0.1mdv2010.0.i586.rpm
44461abfbd8bc983a1e440a331ddc823 2010.0/i586/pidgin-plugins-2.6.5-0.1mdv2010.0.i586.rpm
80e0cedd0d60fe626dc5253db502e1bd 2010.0/i586/pidgin-silc-2.6.5-0.1mdv2010.0.i586.rpm
531a6537d9bf005ee54aece14aa48eb6 2010.0/i586/pidgin-tcl-2.6.5-0.1mdv2010.0.i586.rpm
83d0f2b5bb31e313c53c4d40ca8fe1da 2010.0/SRPMS/pidgin-2.6.5-0.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
e27d2817c814cf90bad7e205081402a2 2010.0/x86_64/finch-2.6.5-0.1mdv2010.0.x86_64.rpm
611f230ca512ad0db64acc14ef06e148 2010.0/x86_64/lib64finch0-2.6.5-0.1mdv2010.0.x86_64.rpm
8ae845e339ca97ebdd7f302eac3e5899 2010.0/x86_64/lib64purple0-2.6.5-0.1mdv2010.0.x86_64.rpm
525a83c8cb39f1b8a5c54d1ee91d5e49
2010.0/x86_64/lib64purple-devel-2.6.5-0.1mdv2010.0.x86_64.rpm
2ef31af24eb8a4c2706e67f941ad9fa3 2010.0/x86_64/pidgin-2.6.5-0.1mdv2010.0.x86_64.rpm
f8d2d37e7e9f070ec94339c2a3b6b8f0 2010.0/x86_64/pidgin-bonjour-2.6.5-0.1mdv2010.0.x86_64.rpm
45038a16defd0813f381fea1b184697a 2010.0/x86_64/pidgin-client-2.6.5-0.1mdv2010.0.x86_64.rpm
9f48d1a4af0d24195610a0392f721acb
2010.0/x86_64/pidgin-gevolution-2.6.5-0.1mdv2010.0.x86_64.rpm
6c7d1fcb4f0ba1a1b32d04ecaf51ce59 2010.0/x86_64/pidgin-i18n-2.6.5-0.1mdv2010.0.x86_64.rpm
7efbc4ca6f8028476e6a842238d5e19c
2010.0/x86_64/pidgin-meanwhile-2.6.5-0.1mdv2010.0.x86_64.rpm
58f135d340961f21b7b7a37931c7bf1d 2010.0/x86_64/pidgin-mono-2.6.5-0.1mdv2010.0.x86_64.rpm
798c84ae196fdedbeddb8d71374ce063 2010.0/x86_64/pidgin-perl-2.6.5-0.1mdv2010.0.x86_64.rpm
507b908bb81dc61cd633fccea1023314 2010.0/x86_64/pidgin-plugins-2.6.5-0.1mdv2010.0.x86_64.rpm
48518b319bc1c5a5a452be9ceb522763 2010.0/x86_64/pidgin-silc-2.6.5-0.1mdv2010.0.x86_64.rpm
b38b6ee90af7cee2298ba8f191b7fcc6 2010.0/x86_64/pidgin-tcl-2.6.5-0.1mdv2010.0.x86_64.rpm
83d0f2b5bb31e313c53c4d40ca8fe1da 2010.0/SRPMS/pidgin-2.6.5-0.1mdv2010.0.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLS6HImqjQ0CJFipgRAtFeAKDDgB5ajBW96Sv5YBFoCprgN7m57gCbBWjf
aW7W6V/HuduwIHmOC3pXQhA=
=uVD5
-----END PGP SIGNATURE-----

Related

cve 3
openvas 43
prion 2
nessus 26
debiancve 2
ubuntucve 2
cert 1
securityvulns 2
packetstorm 1
fedora 8
seebug 1
centos 1
oraclelinux 1
veracode 1
redhat 1
slackware 1
exploitpack 1
debian 4
exploitdb 1
gentoo 1
altlinux 1
ubuntu 1
cve
cve
CVE-2010-0013
2010-01-09 18:30:00
CVE-2004-0122
2004-04-15 04:00:00
CVE-2010-0277
2010-01-09 18:30:00
openvas
openvas
Mandriva Update for pidgin MDVSA-2010:002 (pidgin)
2010-01-15 00:00:00
Mandriva Update for pidgin MDVSA-2010:002 (pidgin)
2010-01-15 00:00:00
Mandriva Update for pidgin MDVSA-2010:001 (pidgin)
2010-01-15 00:00:00
prion
prion
Directory traversal
2010-01-09 18:30:00
Memory corruption
2010-01-09 18:30:00
nessus
nessus
Mandriva Linux Security Advisory : pidgin (MDVSA-2010:002)
2010-07-30 00:00:00
Mandriva Linux Security Advisory : pidgin (MDVSA-2010:001)
2010-01-12 00:00:00
MS04-010: MSN Messenger Information Disclosure (838512)
2004-03-09 00:00:00
debiancve
debiancve
CVE-2010-0013
2010-01-09 18:30:00
CVE-2010-0277
2010-01-09 18:30:00
ubuntucve
ubuntucve
CVE-2010-0013
2010-01-09 00:00:00
CVE-2010-0277
2010-01-09 00:00:00
cert
cert
Microsoft MSN Messenger fails to properly validate file requests
2004-03-10 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS04-010
2004-03-10 00:00:00
libpurple / Pidgin / Adium directory traversal
2010-01-13 00:00:00
packetstorm
packetstorm
Pidgin MSN 2.6.4 File Download
2010-01-20 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: pidgin-2.6.5-1.fc12
2010-01-12 20:39:30
[SECURITY] Fedora 12 Update: pidgin-2.6.6-1.fc12
2010-02-20 00:26:26
[SECURITY] Fedora 12 Update: pidgin-2.7.0-2.fc12
2010-05-24 19:48:53
seebug
seebug
Pidgin MSN <= 2.6.4 File Download Vulnerability
2014-07-01 00:00:00
centos
centos
finch, libpurple, pidgin security update
2010-01-14 21:33:39
oraclelinux
oraclelinux
pidgin security update
2010-01-14 00:00:00
veracode
veracode
Directory Traversal
2020-04-10 00:43:30
redhat
redhat
(RHSA-2010:0044) Important: pidgin security update
2010-01-14 00:00:00
slackware
slackware
[slackware-security] pidgin
2010-01-25 05:20:22
exploitpack
exploitpack
Pidgin MSN 2.6.4 - File Download
2010-01-19 00:00:00
debian
debian
[Backports-security-announce] Security Update for pidgin
2010-01-29 07:06:11
[Backports-security-announce] Security Update for pidgin
2010-01-29 07:16:12
[Backports-security-announce] Security Update for pidgin
2010-02-18 22:27:39
exploitdb
exploitdb
Pidgin MSN 2.6.4 - File Download
2010-01-19 00:00:00
gentoo
gentoo
Pidgin: Multiple vulnerabilities
2012-06-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package pidgin-mini version 2.7.1-alt1
2010-06-13 00:00:00
ubuntu
ubuntu
Pidgin vulnerabilities
2010-01-18 00:00:00
JSON
Related for SECURITYVULNS:DOC:23033
cve3openvas43prion2nessus26debiancve2ubuntucve2cert1securityvulns2packetstorm1fedora8seebug1centos1oraclelinux1veracode1redhat1slackware1exploitpack1debian4exploitdb1gentoo1altlinux1ubuntu1