Pardus alert 2010-116 (pidgin)

From:
    	     
 
Eren Turkay <eren@pardus.org.tr> 
To:
    	     
 
pardus-security@pardus.org.tr 
Subject:
    	     
 
[Pardus-security] [PLSA 2010-116] Pidgin: Denial of Service 
Date:
    	     
 
Thu, 12 Aug 2010 23:05:46 +0300 (EEST)
Message-ID:
    	     
 
<20100812200546.80DA7A7AC49@lider.pardus.org.tr>
Archive-link:
    	     
 
Article, Thread
              
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-116           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-08-12
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

A flaw has been fixed in Pidgin, which can allow  remote  attackers  to 
cause denial of service via X-Status message. 


Description
===========

CVE-2010-2528: 

The clientautoresp function in  family_icbm.c  in  the  oscar  protocol 
plugin in libpurple in Pidgin before 2.7.2 allows remote  authenticated 
users to cause a  denial  of  service  (NULL  pointer  dereference  and 
application crash) via an X-Status message that lacks the expected  end 
tag for a (1) desc or (2) title element. 


Affected packages:

  Pardus 2009:
    pidgin, all before 2.7.2-40-14


Resolution
==========

There are update(s) for pidgin. You can update them via Package Manager 
or with a single command from console: 

    pisi up pidgin

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=13948

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security