Debian Security Advisory 3055-1

Debian Security Advisory 3055-1: Posted Oct 24, 2014; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3055-1 - Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client.; tags | advisory, vulnerability, protocol; systems | linux, debian; advisories | CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3698; SHA-256 | 71a6874b3dc2259d8c5a453197bf19480a1798e328e3a60d8282fef8ae738580; Download | Favorite | View

Debian Security Advisory 3055-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3055-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
October 23, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pidgin
CVE ID         : CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3698

Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol
instant messaging client:

CVE-2014-3694

    It was discovered that the SSL/TLS plugins failed to validate the
    basic constraints extension in intermediate CA certificates.

CVE-2014-3695

    Yves Younan and Richard Johnson discovered that emotictons with
    overly large length values could crash Pidgin.

CVE-2014-3696

    Yves Younan and Richard Johnson discovered that malformed Groupwise
    messages could crash Pidgin.

CVE-2014-3698

    Thijs Alkemade and Paul Aurich discovered that malformed XMPP 
    messages could result in memory disclosure.

For the stable distribution (wheezy), these problems have been fixed in
version 2.10.10-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 2.10.10-1.

We recommend that you upgrade your pidgin packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUSW11AAoJEBDCk7bDfE42D00QAKBHMtCgEJS6N44iWe/sCJTo
i0dY8E7r1vj6Qhrg6OuReRFp3+LmAkoFOX1BkgtYH/MgimM9qqr+X+zL4UBbd/J5
xz1PlqcCnZ9La+pgxa/lpXPT88eg6UgwPPdIuqwgGq9klfuVgmP2HPQtVqdJoo1r
h6KsiI6rXpjbFP26/EIMYDa+kelH6nTAThR6RCXdhbI9Jt27vrJXtaM1uBEp6Qu0
TzwahD2i9muNUjLECBfGhgjQ89rnCjd6B/CefDrIfEHJWcd86byFJq0rJrazx3qL
WcV9DEoGnVk1Tp7shB0SAOI62X5VgC2xCaf8H7iDr9FFPyoGBJSlBEoGGDWkAeBy
mVFc9x4LTzRbtEioQxW+PXJHn0EGOt1fHjWZOYZn99GeaBrZ3LlV7tHnIamQ8rWL
VG9eYXghRpM9soJCL53RKf0RObVEUm0yn0eYOaPyp2NRR2vq63zmZqbP3qM5EVTQ
2/VvbSGxWIaDZIKFjTcAQboJzYGqrrp4JOvdPoWYSH69anLumO/SCrmqo1FsNSGT
sttNRmRZmoE6X5BdB5an1B/TFBYs5EBaBlNMs3H/Z+qFTJBA0NLoxsBgbb/9cDVQ
OXAUxIxciJngqvgwFsH2ngzQqvFcgew2ow8qLBUagNooLT46p7ykj2kKVpF8uteU
oeNgRaWs2mVePieJ8ERW
=V2GE
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 194 files
Ubuntu 67 files
Debian 24 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,011)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,194)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,473)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,437)
UNIX (9,390)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 3055-1

Debian Security Advisory 3055-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3055-1

Share This

Debian Security Advisory 3055-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems