CentOS Update for finch CESA-2009:1453 centos5 i386

Information

Severity

Severity

Medium

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

5.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

10 years ago

Modified

Modified

3 years ago

Summary

The remote host is missing an update for the 'finch' package(s) announced via the referenced advisory.

Insight

Insight

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Info/Query (IQ) is an Extensible Messaging and Presence Protocol (XMPP) specific request-response mechanism. A NULL pointer dereference flaw was found in the way the Pidgin XMPP protocol plug-in processes IQ error responses when trying to fetch a custom smiley. A remote client could send a specially-crafted IQ error response that would crash Pidgin. (CVE-2009-3085) A NULL pointer dereference flaw was found in the way the Pidgin IRC protocol plug-in handles IRC topics. A malicious IRC server could send a specially-crafted IRC TOPIC message, which once received by Pidgin, would lead to a denial of service (Pidgin crash). (CVE-2009-2703) It was discovered that, when connecting to certain, very old Jabber servers via XMPP, Pidgin may ignore the 'Require SSL/TLS' setting. In these situations, a non-encrypted connection is established rather than the connection failing, causing the user to believe they are using an encrypted connection when they are not, leading to sensitive information disclosure (session sniffing). (CVE-2009-3026) A NULL pointer dereference flaw was found in the way the Pidgin MSN protocol plug-in handles improper MSNSLP invitations. A remote attacker could send a specially-crafted MSNSLP invitation request, which once accepted by a valid Pidgin user, would lead to a denial of service (Pidgin crash). (CVE-2009-3083) These packages upgrade Pidgin to version 2.6.2. Refer to the linked Pidgin release notes for a full list of changes. All Pidgin users should upgrade to these updated packages, which correct these issues. Pidgin must be restarted for this update to take effect.

Affected Software

Affected Software

finch on CentOS 5

Solution

Solution

Please install the updated packages.

Common Vulnerabilities and Exposures (CVE)

Ready to dive in? Start your free trial today.

Companies of all sizes—from startups to Fortune 500s—use Mageni to scan their assets for vulnerabilities, reduce risk exposure and minimizing the likelihood of a data breach. Free for 7-days then $39 USD Monthly. No Contracts, Cancel at Anytime and 7-days Money-Back Guarantee.

Get Started For Free
App screenshot