ID CVE-2008-3532
Summary The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
References
Vulnerable Configurations
  • Pidgin 2.4.3
    cpe:2.3:a:pidgin:pidgin:2.4.3
CVSS
Base: 6.8 (as of 11-08-2008 - 10:37)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200901-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-200901-13 (Pidgin: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Pidgin and the libpurple library: A participant to the TippingPoint ZDI reported multiple integer overflows in the msn_slplink_process_msg() function in the MSN protocol implementation (CVE-2008-2927). Juan Pablo Lopez Yacubian is credited for reporting a use-after-free flaw in msn_slplink_process_msg() in the MSN protocol implementation (CVE-2008-2955). The included UPnP server does not limit the size of data to be downloaded for UPnP service discovery, according to a report by Andrew Hunt and Christian Grothoff (CVE-2008-2957). Josh Triplett discovered that the NSS plugin for libpurple does not properly verify SSL certificates (CVE-2008-3532). Impact : A remote attacker could send specially crafted messages or files using the MSN protocol which could result in the execution of arbitrary code or crash Pidgin. NOTE: Successful exploitation might require the victim's interaction. Furthermore, an attacker could conduct man-in-the-middle attacks to obtain sensitive information using bad certificates and cause memory and disk resources to exhaust. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 35432
    published 2009-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35432
    title GLSA-200901-13 : Pidgin: Multiple vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-1023.NASL
    description Updated Pidgin packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is a multi-protocol Internet Messaging client. A denial-of-service flaw was found in Pidgin's MSN protocol handler. If a remote user was able to send, and the Pidgin user accepted, a carefully-crafted file request, it could result in Pidgin crashing. (CVE-2008-2955) A denial-of-service flaw was found in Pidgin's Universal Plug and Play (UPnP) request handling. A malicious UPnP server could send a request to Pidgin, causing it to download an excessive amount of data, consuming all available memory or disk space. (CVE-2008-2957) A flaw was found in the way Pidgin handled SSL certificates. The NSS SSL implementation in Pidgin did not properly verify the authenticity of SSL certificates. This could have resulted in users unknowingly connecting to a malicious SSL service. (CVE-2008-3532) In addition, this update upgrades pidgin from version 2.3.1 to version 2.5.2, with many additional stability and functionality fixes from the Pidgin Project. Note: the Secure Internet Live Conferencing (SILC) chat network protocol has recently changed, affecting all versions of pidgin shipped with Red Hat Enterprise Linux. Pidgin cannot currently connect to the latest version of the SILC server (1.1.14): it fails to properly exchange keys during initial login. This update does not correct this. Red Hat Bugzilla #474212 (linked to in the References section) has more information. Note: after the errata packages are installed, Pidgin must be restarted for the update to take effect. All Pidgin users should upgrade to these updated packages, which contain Pidgin version 2.5.2 and resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 35260
    published 2008-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35260
    title CentOS 4 / 5 : pidgin (CESA-2008:1023)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-1023.NASL
    description Updated Pidgin packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is a multi-protocol Internet Messaging client. A denial-of-service flaw was found in Pidgin's MSN protocol handler. If a remote user was able to send, and the Pidgin user accepted, a carefully-crafted file request, it could result in Pidgin crashing. (CVE-2008-2955) A denial-of-service flaw was found in Pidgin's Universal Plug and Play (UPnP) request handling. A malicious UPnP server could send a request to Pidgin, causing it to download an excessive amount of data, consuming all available memory or disk space. (CVE-2008-2957) A flaw was found in the way Pidgin handled SSL certificates. The NSS SSL implementation in Pidgin did not properly verify the authenticity of SSL certificates. This could have resulted in users unknowingly connecting to a malicious SSL service. (CVE-2008-3532) In addition, this update upgrades pidgin from version 2.3.1 to version 2.5.2, with many additional stability and functionality fixes from the Pidgin Project. Note: the Secure Internet Live Conferencing (SILC) chat network protocol has recently changed, affecting all versions of pidgin shipped with Red Hat Enterprise Linux. Pidgin cannot currently connect to the latest version of the SILC server (1.1.14): it fails to properly exchange keys during initial login. This update does not correct this. Red Hat Bugzilla #474212 (linked to in the References section) has more information. Note: after the errata packages are installed, Pidgin must be restarted for the update to take effect. All Pidgin users should upgrade to these updated packages, which contain Pidgin version 2.5.2 and resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 35181
    published 2008-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35181
    title RHEL 4 / 5 : pidgin (RHSA-2008:1023)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-1023.NASL
    description From Red Hat Security Advisory 2008:1023 : Updated Pidgin packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is a multi-protocol Internet Messaging client. A denial-of-service flaw was found in Pidgin's MSN protocol handler. If a remote user was able to send, and the Pidgin user accepted, a carefully-crafted file request, it could result in Pidgin crashing. (CVE-2008-2955) A denial-of-service flaw was found in Pidgin's Universal Plug and Play (UPnP) request handling. A malicious UPnP server could send a request to Pidgin, causing it to download an excessive amount of data, consuming all available memory or disk space. (CVE-2008-2957) A flaw was found in the way Pidgin handled SSL certificates. The NSS SSL implementation in Pidgin did not properly verify the authenticity of SSL certificates. This could have resulted in users unknowingly connecting to a malicious SSL service. (CVE-2008-3532) In addition, this update upgrades pidgin from version 2.3.1 to version 2.5.2, with many additional stability and functionality fixes from the Pidgin Project. Note: the Secure Internet Live Conferencing (SILC) chat network protocol has recently changed, affecting all versions of pidgin shipped with Red Hat Enterprise Linux. Pidgin cannot currently connect to the latest version of the SILC server (1.1.14): it fails to properly exchange keys during initial login. This update does not correct this. Red Hat Bugzilla #474212 (linked to in the References section) has more information. Note: after the errata packages are installed, Pidgin must be restarted for the update to take effect. All Pidgin users should upgrade to these updated packages, which contain Pidgin version 2.5.2 and resolve these issues.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67774
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67774
    title Oracle Linux 4 : pidgin (ELSA-2008-1023)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-675-1.NASL
    description It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2008-2927) It was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin to crash, leading to a denial of service. (CVE-2008-2955) It was discovered that Pidgin did not impose resource limitations in the UPnP service. A remote attacker could cause Pidgin to download arbitrary files and cause a denial of service from memory or disk space exhaustion. (CVE-2008-2957) It was discovered that Pidgin did not validate SSL certificates when using a secure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update alters Pidgin behaviour by asking users to confirm the validity of a certificate upon initial login. (CVE-2008-3532). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 36899
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36899
    title Ubuntu 7.10 / 8.04 LTS : pidgin vulnerabilities (USN-675-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-321.NASL
    description Security vulnerabilities have been identified and fixed in pidgin : The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. (CVE-2008-3532) Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. (CVE-2008-2955) The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. (CVE-2008-2957) Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third-party information (CVE-2009-1373). Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet (CVE-2009-1374). The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol (CVE-2009-1375). Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927 (CVE-2009-1376). The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory (CVE-2009-1889). The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376 (CVE-2009-2694). Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM (CVE-2009-3025). protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the require TLS/SSL preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions (CVE-2009-3026). libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string (CVE-2009-2703). The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client (CVE-2009-3083). The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect UTF16-LE charset name (CVE-2009-3084). The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images (CVE-2009-3085). This update provides pidgin 2.6.2, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 43024
    published 2009-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43024
    title Mandriva Linux Security Advisory : pidgin (MDVSA-2009:321)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-025.NASL
    description The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. (CVE-2008-3532) Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. (CVE-2008-2955) The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. (CVE-2008-2957) The updated packages have been patched to fix these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 36534
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36534
    title Mandriva Linux Security Advisory : pidgin (MDVSA-2009:025)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20081215_PIDGIN_ON_SL4_X.NASL
    description A denial-of-service flaw was found in Pidgin's MSN protocol handler. If a remote user was able to send, and the Pidgin user accepted, a carefully-crafted file request, it could result in Pidgin crashing. (CVE-2008-2955) A denial-of-service flaw was found in Pidgin's Universal Plug and Play (UPnP) request handling. A malicious UPnP server could send a request to Pidgin, causing it to download an excessive amount of data, consuming all available memory or disk space. (CVE-2008-2957) A flaw was found in the way Pidgin handled SSL certificates. The NSS SSL implementation in Pidgin did not properly verify the authenticity of SSL certificates. This could have resulted in users unknowingly connecting to a malicious SSL service. (CVE-2008-3532) In addition, this update upgrades pidgin from version 2.3.1 to version 2.5.2, with many additional stability and functionality fixes from the Pidgin Project. Note: the Secure Internet Live Conferencing (SILC) chat network protocol has recently changed, affecting all versions of pidgin shipped with Red Hat Enterprise Linux. Pidgin cannot currently connect to the latest version of the SILC server (1.1.14): it fails to properly exchange keys during initial login. This update does not correct this. Red Hat Bugzilla #474212 (linked to in the References section) has more information. Note: after the errata packages are installed, Pidgin must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60505
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60505
    title Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_FINCH-080903.NASL
    description - specially crafted MSN SLP messages could cause an integer overflow in pidgin. Attackers could potentially exploit that to execute arbitrary code (CVE-2008-2927). - overly long file names in MSN file transfers could crash pidgin (CVE-2008-2955). - SSL certificates were not verified. Therefore pidgin didn't notice faked certificates (CVE-2008-3532). Additionally a problem was fixed that prevented gaim clients from connecting to the ICQ network after a server change on July 1st 2008.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 39959
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39959
    title openSUSE Security Update : finch (finch-188)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FINCH-5573.NASL
    description - specially crafted MSN SLP messages could cause an integer overflow in pidgin. Attackers could potentially exploit that to execute arbitrary code. (CVE-2008-2927) - overly long file names in MSN file transfers could crash pidgin. (CVE-2008-2955) - SSL certificates were not verified. Therefore pidgin didn't notice faked certificates. (CVE-2008-3532) Additionally a problem was fixed that prevented gaim clients from connecting to the ICQ network after a server change on July 1st 2008.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51722
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51722
    title SuSE 10 Security Update : pidgin, gaim and finch (ZYPP Patch Number 5573)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FINCH-5592.NASL
    description - specially crafted MSN SLP messages could cause an integer overflow in pidgin. Attackers could potentially exploit that to execute arbitrary code (CVE-2008-2927). - overly long file names in MSN file transfers could crash pidgin (CVE-2008-2955). - SSL certificates were not verified. Therefore pidgin didn't notice faked certificates (CVE-2008-3532). Additionally a problem was fixed that prevented gaim clients from connecting to the ICQ network after a server change on July 1st 2008.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 34199
    published 2008-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34199
    title openSUSE 10 Security Update : finch (finch-5592)
oval via4
  • accepted 2013-04-29T04:10:25.565-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
    family unix
    id oval:org.mitre.oval:def:10979
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
    version 25
  • accepted 2013-09-30T04:01:04.838-04:00
    class vulnerability
    contributors
    • name Shane Shaffer
      organization G2, Inc.
    definition_extensions
    • comment Pidgin is installed
      oval oval:org.mitre.oval:def:12366
    description The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
    family windows
    id oval:org.mitre.oval:def:18327
    status accepted
    submitted 2013-08-16T15:36:10.221-04:00
    title The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service
    version 4
redhat via4
advisories
bugzilla
id 472508
title The Font settings that I customized didn't apply to the outgoing message on the conversation window
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment finch is earlier than 0:2.5.2-6.el4
          oval oval:com.redhat.rhsa:tst:20081023014
        • comment finch is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20081023015
      • AND
        • comment finch-devel is earlier than 0:2.5.2-6.el4
          oval oval:com.redhat.rhsa:tst:20081023012
        • comment finch-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20081023013
      • AND
        • comment libpurple is earlier than 0:2.5.2-6.el4
          oval oval:com.redhat.rhsa:tst:20081023004
        • comment libpurple is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20081023005
      • AND
        • comment libpurple-devel is earlier than 0:2.5.2-6.el4
          oval oval:com.redhat.rhsa:tst:20081023016
        • comment libpurple-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20081023017
      • AND
        • comment libpurple-perl is earlier than 0:2.5.2-6.el4
          oval oval:com.redhat.rhsa:tst:20081023006
        • comment libpurple-perl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20081023007
      • AND
        • comment libpurple-tcl is earlier than 0:2.5.2-6.el4
          oval oval:com.redhat.rhsa:tst:20081023018
        • comment libpurple-tcl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20081023019
      • AND
        • comment pidgin is earlier than 0:2.5.2-6.el4
          oval oval:com.redhat.rhsa:tst:20081023002
        • comment pidgin is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080584003
      • AND
        • comment pidgin-devel is earlier than 0:2.5.2-6.el4
          oval oval:com.redhat.rhsa:tst:20081023008
        • comment pidgin-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20081023009
      • AND
        • comment pidgin-perl is earlier than 0:2.5.2-6.el4
          oval oval:com.redhat.rhsa:tst:20081023010
        • comment pidgin-perl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20081023011
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment finch is earlier than 0:2.5.2-6.el5
          oval oval:com.redhat.rhsa:tst:20081023037
        • comment finch is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584016
      • AND
        • comment finch-devel is earlier than 0:2.5.2-6.el5
          oval oval:com.redhat.rhsa:tst:20081023023
        • comment finch-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584014
      • AND
        • comment libpurple is earlier than 0:2.5.2-6.el5
          oval oval:com.redhat.rhsa:tst:20081023029
        • comment libpurple is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584020
      • AND
        • comment libpurple-devel is earlier than 0:2.5.2-6.el5
          oval oval:com.redhat.rhsa:tst:20081023025
        • comment libpurple-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584018
      • AND
        • comment libpurple-perl is earlier than 0:2.5.2-6.el5
          oval oval:com.redhat.rhsa:tst:20081023035
        • comment libpurple-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584010
      • AND
        • comment libpurple-tcl is earlier than 0:2.5.2-6.el5
          oval oval:com.redhat.rhsa:tst:20081023033
        • comment libpurple-tcl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584012
      • AND
        • comment pidgin is earlier than 0:2.5.2-6.el5
          oval oval:com.redhat.rhsa:tst:20081023021
        • comment pidgin is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584008
      • AND
        • comment pidgin-devel is earlier than 0:2.5.2-6.el5
          oval oval:com.redhat.rhsa:tst:20081023027
        • comment pidgin-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584024
      • AND
        • comment pidgin-perl is earlier than 0:2.5.2-6.el5
          oval oval:com.redhat.rhsa:tst:20081023031
        • comment pidgin-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584022
rhsa
id RHSA-2008:1023
released 2008-12-15
severity Moderate
title RHSA-2008:1023: pidgin security and bug fix update (Moderate)
rpms
  • finch-0:2.5.2-6.el4
  • finch-devel-0:2.5.2-6.el4
  • libpurple-0:2.5.2-6.el4
  • libpurple-devel-0:2.5.2-6.el4
  • libpurple-perl-0:2.5.2-6.el4
  • libpurple-tcl-0:2.5.2-6.el4
  • pidgin-0:2.5.2-6.el4
  • pidgin-devel-0:2.5.2-6.el4
  • pidgin-perl-0:2.5.2-6.el4
  • finch-0:2.5.2-6.el5
  • finch-devel-0:2.5.2-6.el5
  • libpurple-0:2.5.2-6.el5
  • libpurple-devel-0:2.5.2-6.el5
  • libpurple-perl-0:2.5.2-6.el5
  • libpurple-tcl-0:2.5.2-6.el5
  • pidgin-0:2.5.2-6.el5
  • pidgin-devel-0:2.5.2-6.el5
  • pidgin-perl-0:2.5.2-6.el5
refmap via4
bid 30553
confirm
mandriva MDVSA-2009:025
misc http://developer.pidgin.im/attachment/ticket/6500/nss-cert-verify.patch
secunia
  • 31390
  • 32859
  • 33102
ubuntu USN-675-1
vupen ADV-2008-2318
xf pidgin-ssl-spoofing(44220)
Last major update 02-11-2013 - 22:39
Published 08-08-2008 - 15:41
Last modified 28-09-2017 - 21:31