rhsa-2009_1059
Vulnerability from csaf_redhat
Published
2009-05-22 11:49
Modified
2024-11-22 02:47
Summary
Red Hat Security Advisory: pidgin security update
Notes
Topic
An updated pidgin package that fixes two security issues is now available
for Red Hat Enterprise Linux 3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.
A buffer overflow flaw was found in the way Pidgin initiates file transfers
when using the Extensible Messaging and Presence Protocol (XMPP). If a
Pidgin client initiates a file transfer, and the remote target sends a
malformed response, it could cause Pidgin to crash or, potentially, execute
arbitrary code with the permissions of the user running Pidgin. This flaw
only affects accounts using XMPP, such as Jabber and Google Talk.
(CVE-2009-1373)
It was discovered that on 32-bit platforms, the Red Hat Security Advisory
RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw
affecting Pidgin's MSN protocol handler. If a Pidgin client receives a
specially-crafted MSN message, it may be possible to execute arbitrary code
with the permissions of the user running Pidgin. (CVE-2009-1376)
Note: By default, when using an MSN account, only users on your buddy list
can send you messages. This prevents arbitrary MSN users from exploiting
this flaw.
All Pidgin users should upgrade to this update package, which contains
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated pidgin package that fixes two security issues is now available\nfor Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers\nwhen using the Extensible Messaging and Presence Protocol (XMPP). If a\nPidgin client initiates a file transfer, and the remote target sends a\nmalformed response, it could cause Pidgin to crash or, potentially, execute\narbitrary code with the permissions of the user running Pidgin. This flaw\nonly affects accounts using XMPP, such as Jabber and Google Talk.\n(CVE-2009-1373)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory\nRHSA-2008:0584 provided an incomplete fix for the integer overflow flaw\naffecting Pidgin\u0027s MSN protocol handler. If a Pidgin client receives a\nspecially-crafted MSN message, it may be possible to execute arbitrary code\nwith the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list\ncan send you messages. This prevents arbitrary MSN users from exploiting\nthis flaw.\n\nAll Pidgin users should upgrade to this update package, which contains\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1059", "url": "https://access.redhat.com/errata/RHSA-2009:1059" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "500488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500488" }, { "category": "external", "summary": "500493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500493" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1059.json" } ], "title": "Red Hat Security Advisory: pidgin security update", "tracking": { "current_release_date": "2024-11-22T02:47:04+00:00", "generator": { "date": "2024-11-22T02:47:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1059", "initial_release_date": "2009-05-22T11:49:00+00:00", "revision_history": [ { "date": "2009-05-22T11:49:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-05-22T08:08:19+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T02:47:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 3", "product": { "name": "Red Hat Enterprise Linux AS version 3", "product_id": "3AS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:3::as" } } }, { "category": "product_name", "name": "Red Hat Desktop version 3", "product": { "name": "Red Hat Desktop version 3", "product_id": "3Desktop", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:3::desktop" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 3", "product": { "name": "Red Hat Enterprise Linux ES version 3", "product_id": "3ES", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:3::es" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 3", "product": { "name": "Red Hat Enterprise Linux WS version 3", "product_id": "3WS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:3::ws" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "pidgin-debuginfo-0:1.5.1-3.el3.ia64", "product": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.ia64", "product_id": "pidgin-debuginfo-0:1.5.1-3.el3.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pidgin-debuginfo@1.5.1-3.el3?arch=ia64" } } }, { "category": "product_version", "name": "pidgin-0:1.5.1-3.el3.ia64", "product": { "name": "pidgin-0:1.5.1-3.el3.ia64", "product_id": "pidgin-0:1.5.1-3.el3.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pidgin@1.5.1-3.el3?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "product": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "product_id": "pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pidgin-debuginfo@1.5.1-3.el3?arch=x86_64" } } }, { "category": "product_version", "name": "pidgin-0:1.5.1-3.el3.x86_64", "product": { "name": "pidgin-0:1.5.1-3.el3.x86_64", "product_id": "pidgin-0:1.5.1-3.el3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pidgin@1.5.1-3.el3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "pidgin-debuginfo-0:1.5.1-3.el3.i386", "product": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.i386", "product_id": "pidgin-debuginfo-0:1.5.1-3.el3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/pidgin-debuginfo@1.5.1-3.el3?arch=i386" } } }, { "category": "product_version", "name": "pidgin-0:1.5.1-3.el3.i386", "product": { "name": "pidgin-0:1.5.1-3.el3.i386", "product_id": "pidgin-0:1.5.1-3.el3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/pidgin@1.5.1-3.el3?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "pidgin-0:1.5.1-3.el3.src", "product": { "name": "pidgin-0:1.5.1-3.el3.src", "product_id": "pidgin-0:1.5.1-3.el3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/pidgin@1.5.1-3.el3?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "pidgin-debuginfo-0:1.5.1-3.el3.ppc", "product": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.ppc", "product_id": "pidgin-debuginfo-0:1.5.1-3.el3.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/pidgin-debuginfo@1.5.1-3.el3?arch=ppc" } } }, { "category": "product_version", "name": "pidgin-0:1.5.1-3.el3.ppc", "product": { "name": "pidgin-0:1.5.1-3.el3.ppc", "product_id": "pidgin-0:1.5.1-3.el3.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/pidgin@1.5.1-3.el3?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "pidgin-debuginfo-0:1.5.1-3.el3.s390x", "product": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.s390x", "product_id": "pidgin-debuginfo-0:1.5.1-3.el3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pidgin-debuginfo@1.5.1-3.el3?arch=s390x" } } }, { "category": "product_version", "name": "pidgin-0:1.5.1-3.el3.s390x", "product": { "name": "pidgin-0:1.5.1-3.el3.s390x", "product_id": "pidgin-0:1.5.1-3.el3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pidgin@1.5.1-3.el3?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "pidgin-debuginfo-0:1.5.1-3.el3.s390", "product": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.s390", "product_id": "pidgin-debuginfo-0:1.5.1-3.el3.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/pidgin-debuginfo@1.5.1-3.el3?arch=s390" } } }, { "category": "product_version", "name": "pidgin-0:1.5.1-3.el3.s390", "product": { "name": "pidgin-0:1.5.1-3.el3.s390", "product_id": "pidgin-0:1.5.1-3.el3.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/pidgin@1.5.1-3.el3?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.i386 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:pidgin-0:1.5.1-3.el3.i386" }, "product_reference": "pidgin-0:1.5.1-3.el3.i386", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.ia64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:pidgin-0:1.5.1-3.el3.ia64" }, "product_reference": "pidgin-0:1.5.1-3.el3.ia64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.ppc as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:pidgin-0:1.5.1-3.el3.ppc" }, "product_reference": "pidgin-0:1.5.1-3.el3.ppc", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.s390 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:pidgin-0:1.5.1-3.el3.s390" }, "product_reference": "pidgin-0:1.5.1-3.el3.s390", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.s390x as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:pidgin-0:1.5.1-3.el3.s390x" }, "product_reference": "pidgin-0:1.5.1-3.el3.s390x", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.src as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:pidgin-0:1.5.1-3.el3.src" }, "product_reference": "pidgin-0:1.5.1-3.el3.src", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.x86_64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:pidgin-0:1.5.1-3.el3.x86_64" }, "product_reference": "pidgin-0:1.5.1-3.el3.x86_64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.i386 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:pidgin-debuginfo-0:1.5.1-3.el3.i386" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.i386", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.ia64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:pidgin-debuginfo-0:1.5.1-3.el3.ia64" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.ia64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.ppc as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:pidgin-debuginfo-0:1.5.1-3.el3.ppc" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.ppc", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.s390 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:pidgin-debuginfo-0:1.5.1-3.el3.s390" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.s390", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.s390x as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:pidgin-debuginfo-0:1.5.1-3.el3.s390x" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.s390x", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.x86_64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:pidgin-debuginfo-0:1.5.1-3.el3.x86_64" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.i386 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:pidgin-0:1.5.1-3.el3.i386" }, "product_reference": "pidgin-0:1.5.1-3.el3.i386", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.ia64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:pidgin-0:1.5.1-3.el3.ia64" }, "product_reference": "pidgin-0:1.5.1-3.el3.ia64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.ppc as a component of Red Hat Desktop version 3", "product_id": "3Desktop:pidgin-0:1.5.1-3.el3.ppc" }, "product_reference": "pidgin-0:1.5.1-3.el3.ppc", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.s390 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:pidgin-0:1.5.1-3.el3.s390" }, "product_reference": "pidgin-0:1.5.1-3.el3.s390", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.s390x as a component of Red Hat Desktop version 3", "product_id": "3Desktop:pidgin-0:1.5.1-3.el3.s390x" }, "product_reference": "pidgin-0:1.5.1-3.el3.s390x", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.src as a component of Red Hat Desktop version 3", "product_id": "3Desktop:pidgin-0:1.5.1-3.el3.src" }, "product_reference": "pidgin-0:1.5.1-3.el3.src", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.x86_64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:pidgin-0:1.5.1-3.el3.x86_64" }, "product_reference": "pidgin-0:1.5.1-3.el3.x86_64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.i386 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.i386" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.i386", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.ia64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.ia64" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.ia64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.ppc as a component of Red Hat Desktop version 3", "product_id": "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.ppc" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.ppc", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.s390 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.s390" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.s390", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.s390x as a component of Red Hat Desktop version 3", "product_id": "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.s390x" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.s390x", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.x86_64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.x86_64" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.i386 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:pidgin-0:1.5.1-3.el3.i386" }, "product_reference": "pidgin-0:1.5.1-3.el3.i386", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.ia64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:pidgin-0:1.5.1-3.el3.ia64" }, "product_reference": "pidgin-0:1.5.1-3.el3.ia64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.ppc as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:pidgin-0:1.5.1-3.el3.ppc" }, "product_reference": "pidgin-0:1.5.1-3.el3.ppc", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.s390 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:pidgin-0:1.5.1-3.el3.s390" }, "product_reference": "pidgin-0:1.5.1-3.el3.s390", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.s390x as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:pidgin-0:1.5.1-3.el3.s390x" }, "product_reference": "pidgin-0:1.5.1-3.el3.s390x", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.src as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:pidgin-0:1.5.1-3.el3.src" }, "product_reference": "pidgin-0:1.5.1-3.el3.src", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.x86_64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:pidgin-0:1.5.1-3.el3.x86_64" }, "product_reference": "pidgin-0:1.5.1-3.el3.x86_64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.i386 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:pidgin-debuginfo-0:1.5.1-3.el3.i386" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.i386", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.ia64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:pidgin-debuginfo-0:1.5.1-3.el3.ia64" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.ia64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.ppc as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:pidgin-debuginfo-0:1.5.1-3.el3.ppc" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.ppc", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.s390 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:pidgin-debuginfo-0:1.5.1-3.el3.s390" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.s390", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.s390x as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:pidgin-debuginfo-0:1.5.1-3.el3.s390x" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.s390x", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.x86_64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:pidgin-debuginfo-0:1.5.1-3.el3.x86_64" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.i386 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:pidgin-0:1.5.1-3.el3.i386" }, "product_reference": "pidgin-0:1.5.1-3.el3.i386", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.ia64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:pidgin-0:1.5.1-3.el3.ia64" }, "product_reference": "pidgin-0:1.5.1-3.el3.ia64", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.ppc as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:pidgin-0:1.5.1-3.el3.ppc" }, "product_reference": "pidgin-0:1.5.1-3.el3.ppc", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.s390 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:pidgin-0:1.5.1-3.el3.s390" }, "product_reference": "pidgin-0:1.5.1-3.el3.s390", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.s390x as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:pidgin-0:1.5.1-3.el3.s390x" }, "product_reference": "pidgin-0:1.5.1-3.el3.s390x", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.src as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:pidgin-0:1.5.1-3.el3.src" }, "product_reference": "pidgin-0:1.5.1-3.el3.src", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-0:1.5.1-3.el3.x86_64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:pidgin-0:1.5.1-3.el3.x86_64" }, "product_reference": "pidgin-0:1.5.1-3.el3.x86_64", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.i386 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:pidgin-debuginfo-0:1.5.1-3.el3.i386" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.i386", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.ia64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:pidgin-debuginfo-0:1.5.1-3.el3.ia64" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.ia64", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.ppc as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:pidgin-debuginfo-0:1.5.1-3.el3.ppc" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.ppc", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.s390 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:pidgin-debuginfo-0:1.5.1-3.el3.s390" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.s390", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.s390x as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:pidgin-debuginfo-0:1.5.1-3.el3.s390x" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.s390x", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "pidgin-debuginfo-0:1.5.1-3.el3.x86_64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:pidgin-debuginfo-0:1.5.1-3.el3.x86_64" }, "product_reference": "pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "relates_to_product_reference": "3WS" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-1373", "discovery_date": "2009-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "500488" } ], "notes": [ { "category": "description", "text": "Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.", "title": "Vulnerability description" }, { "category": "summary", "text": "pidgin file transfer buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "3AS:pidgin-0:1.5.1-3.el3.i386", "3AS:pidgin-0:1.5.1-3.el3.ia64", "3AS:pidgin-0:1.5.1-3.el3.ppc", "3AS:pidgin-0:1.5.1-3.el3.s390", "3AS:pidgin-0:1.5.1-3.el3.s390x", "3AS:pidgin-0:1.5.1-3.el3.src", "3AS:pidgin-0:1.5.1-3.el3.x86_64", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3Desktop:pidgin-0:1.5.1-3.el3.i386", "3Desktop:pidgin-0:1.5.1-3.el3.ia64", "3Desktop:pidgin-0:1.5.1-3.el3.ppc", "3Desktop:pidgin-0:1.5.1-3.el3.s390", "3Desktop:pidgin-0:1.5.1-3.el3.s390x", "3Desktop:pidgin-0:1.5.1-3.el3.src", "3Desktop:pidgin-0:1.5.1-3.el3.x86_64", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3ES:pidgin-0:1.5.1-3.el3.i386", "3ES:pidgin-0:1.5.1-3.el3.ia64", "3ES:pidgin-0:1.5.1-3.el3.ppc", "3ES:pidgin-0:1.5.1-3.el3.s390", "3ES:pidgin-0:1.5.1-3.el3.s390x", "3ES:pidgin-0:1.5.1-3.el3.src", "3ES:pidgin-0:1.5.1-3.el3.x86_64", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3WS:pidgin-0:1.5.1-3.el3.i386", "3WS:pidgin-0:1.5.1-3.el3.ia64", "3WS:pidgin-0:1.5.1-3.el3.ppc", "3WS:pidgin-0:1.5.1-3.el3.s390", "3WS:pidgin-0:1.5.1-3.el3.s390x", "3WS:pidgin-0:1.5.1-3.el3.src", "3WS:pidgin-0:1.5.1-3.el3.x86_64", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-1373" }, { "category": "external", "summary": "RHBZ#500488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500488" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1373", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1373" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1373", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1373" } ], "release_date": "2009-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-22T11:49:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "3AS:pidgin-0:1.5.1-3.el3.i386", "3AS:pidgin-0:1.5.1-3.el3.ia64", "3AS:pidgin-0:1.5.1-3.el3.ppc", "3AS:pidgin-0:1.5.1-3.el3.s390", "3AS:pidgin-0:1.5.1-3.el3.s390x", "3AS:pidgin-0:1.5.1-3.el3.src", "3AS:pidgin-0:1.5.1-3.el3.x86_64", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3Desktop:pidgin-0:1.5.1-3.el3.i386", "3Desktop:pidgin-0:1.5.1-3.el3.ia64", "3Desktop:pidgin-0:1.5.1-3.el3.ppc", "3Desktop:pidgin-0:1.5.1-3.el3.s390", "3Desktop:pidgin-0:1.5.1-3.el3.s390x", "3Desktop:pidgin-0:1.5.1-3.el3.src", "3Desktop:pidgin-0:1.5.1-3.el3.x86_64", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3ES:pidgin-0:1.5.1-3.el3.i386", "3ES:pidgin-0:1.5.1-3.el3.ia64", "3ES:pidgin-0:1.5.1-3.el3.ppc", "3ES:pidgin-0:1.5.1-3.el3.s390", "3ES:pidgin-0:1.5.1-3.el3.s390x", "3ES:pidgin-0:1.5.1-3.el3.src", "3ES:pidgin-0:1.5.1-3.el3.x86_64", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3WS:pidgin-0:1.5.1-3.el3.i386", "3WS:pidgin-0:1.5.1-3.el3.ia64", "3WS:pidgin-0:1.5.1-3.el3.ppc", "3WS:pidgin-0:1.5.1-3.el3.s390", "3WS:pidgin-0:1.5.1-3.el3.s390x", "3WS:pidgin-0:1.5.1-3.el3.src", "3WS:pidgin-0:1.5.1-3.el3.x86_64", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1059" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "products": [ "3AS:pidgin-0:1.5.1-3.el3.i386", "3AS:pidgin-0:1.5.1-3.el3.ia64", "3AS:pidgin-0:1.5.1-3.el3.ppc", "3AS:pidgin-0:1.5.1-3.el3.s390", "3AS:pidgin-0:1.5.1-3.el3.s390x", "3AS:pidgin-0:1.5.1-3.el3.src", "3AS:pidgin-0:1.5.1-3.el3.x86_64", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3Desktop:pidgin-0:1.5.1-3.el3.i386", "3Desktop:pidgin-0:1.5.1-3.el3.ia64", "3Desktop:pidgin-0:1.5.1-3.el3.ppc", "3Desktop:pidgin-0:1.5.1-3.el3.s390", "3Desktop:pidgin-0:1.5.1-3.el3.s390x", "3Desktop:pidgin-0:1.5.1-3.el3.src", "3Desktop:pidgin-0:1.5.1-3.el3.x86_64", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3ES:pidgin-0:1.5.1-3.el3.i386", "3ES:pidgin-0:1.5.1-3.el3.ia64", "3ES:pidgin-0:1.5.1-3.el3.ppc", "3ES:pidgin-0:1.5.1-3.el3.s390", "3ES:pidgin-0:1.5.1-3.el3.s390x", "3ES:pidgin-0:1.5.1-3.el3.src", "3ES:pidgin-0:1.5.1-3.el3.x86_64", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3WS:pidgin-0:1.5.1-3.el3.i386", "3WS:pidgin-0:1.5.1-3.el3.ia64", "3WS:pidgin-0:1.5.1-3.el3.ppc", "3WS:pidgin-0:1.5.1-3.el3.s390", "3WS:pidgin-0:1.5.1-3.el3.s390x", "3WS:pidgin-0:1.5.1-3.el3.src", "3WS:pidgin-0:1.5.1-3.el3.x86_64", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "pidgin file transfer buffer overflow" }, { "cve": "CVE-2009-1376", "discovery_date": "2009-05-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "500493" } ], "notes": [ { "category": "description", "text": "Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.", "title": "Vulnerability description" }, { "category": "summary", "text": "pidgin incomplete fix for CVE-2008-2927", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "3AS:pidgin-0:1.5.1-3.el3.i386", "3AS:pidgin-0:1.5.1-3.el3.ia64", "3AS:pidgin-0:1.5.1-3.el3.ppc", "3AS:pidgin-0:1.5.1-3.el3.s390", "3AS:pidgin-0:1.5.1-3.el3.s390x", "3AS:pidgin-0:1.5.1-3.el3.src", "3AS:pidgin-0:1.5.1-3.el3.x86_64", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3Desktop:pidgin-0:1.5.1-3.el3.i386", "3Desktop:pidgin-0:1.5.1-3.el3.ia64", "3Desktop:pidgin-0:1.5.1-3.el3.ppc", "3Desktop:pidgin-0:1.5.1-3.el3.s390", "3Desktop:pidgin-0:1.5.1-3.el3.s390x", "3Desktop:pidgin-0:1.5.1-3.el3.src", "3Desktop:pidgin-0:1.5.1-3.el3.x86_64", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3ES:pidgin-0:1.5.1-3.el3.i386", "3ES:pidgin-0:1.5.1-3.el3.ia64", "3ES:pidgin-0:1.5.1-3.el3.ppc", "3ES:pidgin-0:1.5.1-3.el3.s390", "3ES:pidgin-0:1.5.1-3.el3.s390x", "3ES:pidgin-0:1.5.1-3.el3.src", "3ES:pidgin-0:1.5.1-3.el3.x86_64", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3WS:pidgin-0:1.5.1-3.el3.i386", "3WS:pidgin-0:1.5.1-3.el3.ia64", "3WS:pidgin-0:1.5.1-3.el3.ppc", "3WS:pidgin-0:1.5.1-3.el3.s390", "3WS:pidgin-0:1.5.1-3.el3.s390x", "3WS:pidgin-0:1.5.1-3.el3.src", "3WS:pidgin-0:1.5.1-3.el3.x86_64", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-1376" }, { "category": "external", "summary": "RHBZ#500493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500493" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1376", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1376" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1376", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1376" } ], "release_date": "2009-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-05-22T11:49:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "3AS:pidgin-0:1.5.1-3.el3.i386", "3AS:pidgin-0:1.5.1-3.el3.ia64", "3AS:pidgin-0:1.5.1-3.el3.ppc", "3AS:pidgin-0:1.5.1-3.el3.s390", "3AS:pidgin-0:1.5.1-3.el3.s390x", "3AS:pidgin-0:1.5.1-3.el3.src", "3AS:pidgin-0:1.5.1-3.el3.x86_64", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3Desktop:pidgin-0:1.5.1-3.el3.i386", "3Desktop:pidgin-0:1.5.1-3.el3.ia64", "3Desktop:pidgin-0:1.5.1-3.el3.ppc", "3Desktop:pidgin-0:1.5.1-3.el3.s390", "3Desktop:pidgin-0:1.5.1-3.el3.s390x", "3Desktop:pidgin-0:1.5.1-3.el3.src", "3Desktop:pidgin-0:1.5.1-3.el3.x86_64", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3ES:pidgin-0:1.5.1-3.el3.i386", "3ES:pidgin-0:1.5.1-3.el3.ia64", "3ES:pidgin-0:1.5.1-3.el3.ppc", "3ES:pidgin-0:1.5.1-3.el3.s390", "3ES:pidgin-0:1.5.1-3.el3.s390x", "3ES:pidgin-0:1.5.1-3.el3.src", "3ES:pidgin-0:1.5.1-3.el3.x86_64", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3WS:pidgin-0:1.5.1-3.el3.i386", "3WS:pidgin-0:1.5.1-3.el3.ia64", "3WS:pidgin-0:1.5.1-3.el3.ppc", "3WS:pidgin-0:1.5.1-3.el3.s390", "3WS:pidgin-0:1.5.1-3.el3.s390x", "3WS:pidgin-0:1.5.1-3.el3.src", "3WS:pidgin-0:1.5.1-3.el3.x86_64", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1059" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "products": [ "3AS:pidgin-0:1.5.1-3.el3.i386", "3AS:pidgin-0:1.5.1-3.el3.ia64", "3AS:pidgin-0:1.5.1-3.el3.ppc", "3AS:pidgin-0:1.5.1-3.el3.s390", "3AS:pidgin-0:1.5.1-3.el3.s390x", "3AS:pidgin-0:1.5.1-3.el3.src", "3AS:pidgin-0:1.5.1-3.el3.x86_64", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3AS:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3Desktop:pidgin-0:1.5.1-3.el3.i386", "3Desktop:pidgin-0:1.5.1-3.el3.ia64", "3Desktop:pidgin-0:1.5.1-3.el3.ppc", "3Desktop:pidgin-0:1.5.1-3.el3.s390", "3Desktop:pidgin-0:1.5.1-3.el3.s390x", "3Desktop:pidgin-0:1.5.1-3.el3.src", "3Desktop:pidgin-0:1.5.1-3.el3.x86_64", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3Desktop:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3ES:pidgin-0:1.5.1-3.el3.i386", "3ES:pidgin-0:1.5.1-3.el3.ia64", "3ES:pidgin-0:1.5.1-3.el3.ppc", "3ES:pidgin-0:1.5.1-3.el3.s390", "3ES:pidgin-0:1.5.1-3.el3.s390x", "3ES:pidgin-0:1.5.1-3.el3.src", "3ES:pidgin-0:1.5.1-3.el3.x86_64", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3ES:pidgin-debuginfo-0:1.5.1-3.el3.x86_64", "3WS:pidgin-0:1.5.1-3.el3.i386", "3WS:pidgin-0:1.5.1-3.el3.ia64", "3WS:pidgin-0:1.5.1-3.el3.ppc", "3WS:pidgin-0:1.5.1-3.el3.s390", "3WS:pidgin-0:1.5.1-3.el3.s390x", "3WS:pidgin-0:1.5.1-3.el3.src", "3WS:pidgin-0:1.5.1-3.el3.x86_64", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.i386", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.ia64", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.ppc", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.s390", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.s390x", "3WS:pidgin-debuginfo-0:1.5.1-3.el3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "pidgin incomplete fix for CVE-2008-2927" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.