Ubuntu Security Notice 886-1 - It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler, enforce the "require TLS/SSL" setting when connecting to certain older Jabber servers, did not properly handle certain SLP invite messages in the MSN protocol handler, did not properly handle certain errors in the XMPP protocol handler, did not properly handle malformed contact-list data in the OSCAR protocol handler and did not properly handle custom smiley requests in the MSN protocol handler.
1937188a7228cf7d3965e317d6df8276fcbc3f19dd39e90885336e6ce8c82d07Mandriva Linux Security Advisory 2009-321 - Security vulnerabilities have been identified and fixed in pidgin. This update provides pidgin 2.6.2, which is not vulnerable to these issues.
7fa7a9e261705a1c8d79a87e1bd96c137a3fc7f7847a59247c6845386710d895Mandriva Linux Security Advisory 2009-025 - The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL certificates. Pidgin 2.4.1 suffers from a denial of service issue. The UPnP functionality in Pidgin 2.0.0 suffers from a denial of service issue and an arbitrary file download vulnerability.
7c3e00ac8e2df1bc834ced81c5a9f3e08019d886ea3b288d1d0b0c578e40aec0Gentoo Linux Security Advisory GLSA 200901-13 - Multiple vulnerabilities have been discovered in Pidgin, allowing for remote arbitrary code execution, denial of service and service spoofing. Versions less than 2.5.1 are affected.
5c8641ff9d8829a4bc791d6ebd5e292ed9e0f6181c8a3aa77d4706bac8585743Ubuntu Security Notice USN-675-1 - It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. It was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin to crash, leading to a denial of service. It was discovered that Pidgin did not impose resource limitations in the UPnP service. A remote attacker could cause Pidgin to download arbitrary files and cause a denial of service from memory or disk space exhaustion. It was discovered that Pidgin did not validate SSL certificates when using a secure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update alters Pidgin behaviour by asking users to confirm the validity of a certificate upon initial login.
e5e3001e6d6476f98054192d0fafe30602a1312ac464eec120826a1864a9cd0f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed