CVE-2008-2957

Related Files

Mandriva Linux Security Advisory 2009-321

Posted Dec 7, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-321 - Security vulnerabilities have been identified and fixed in pidgin. This update provides pidgin 2.6.2, which is not vulnerable to these issues.

tags | advisory, vulnerability

systems | linux, mandriva

advisories | CVE-2008-2955, CVE-2008-2957, CVE-2008-3532, CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376, CVE-2009-1889, CVE-2009-2694, CVE-2009-2703, CVE-2009-3025, CVE-2009-3026, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085

SHA-256 | 7fa7a9e261705a1c8d79a87e1bd96c137a3fc7f7847a59247c6845386710d895

Download | Favorite | View

Mandriva Linux Security Advisory 2009-025

Posted Jan 23, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-025 - The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL certificates. Pidgin 2.4.1 suffers from a denial of service issue. The UPnP functionality in Pidgin 2.0.0 suffers from a denial of service issue and an arbitrary file download vulnerability.

tags | advisory, denial of service, arbitrary

systems | linux, mandriva

advisories | CVE-2008-2955, CVE-2008-2957, CVE-2008-3532

SHA-256 | 7c3e00ac8e2df1bc834ced81c5a9f3e08019d886ea3b288d1d0b0c578e40aec0

Download | Favorite | View

Gentoo Linux Security Advisory 200901-13

Posted Jan 21, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200901-13 - Multiple vulnerabilities have been discovered in Pidgin, allowing for remote arbitrary code execution, denial of service and service spoofing. Versions less than 2.5.1 are affected.

tags | advisory, remote, denial of service, arbitrary, spoof, vulnerability, code execution

systems | linux, gentoo

advisories | CVE-2008-2927, CVE-2008-2955, CVE-2008-2957, CVE-2008-3532

SHA-256 | 5c8641ff9d8829a4bc791d6ebd5e292ed9e0f6181c8a3aa77d4706bac8585743

Download | Favorite | View

Ubuntu Security Notice 675-1

Posted Nov 24, 2008

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-675-1 - It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. It was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin to crash, leading to a denial of service. It was discovered that Pidgin did not impose resource limitations in the UPnP service. A remote attacker could cause Pidgin to download arbitrary files and cause a denial of service from memory or disk space exhaustion. It was discovered that Pidgin did not validate SSL certificates when using a secure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update alters Pidgin behaviour by asking users to confirm the validity of a certificate upon initial login.

tags | advisory, remote, denial of service, arbitrary, protocol

systems | linux, ubuntu

advisories | CVE-2008-2927, CVE-2008-2955, CVE-2008-2957, CVE-2008-3532

SHA-256 | e5e3001e6d6476f98054192d0fafe30602a1312ac464eec120826a1864a9cd0f

Download | Favorite | View