MGASA-2014-0034
- Source
- https://advisories.mageia.org/MGASA-2014-0034.html
- Import Source
- https://advisories.mageia.org/MGASA-2014-0034.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2014-0034
- Related
- Published
- 2014-02-05T15:31:44Z
- Modified
- 2014-02-05T15:31:41Z
- Summary
- Updated pidgin package fixes security vulnerabilities
- Details
-
Many places in the Yahoo! protocol plugin assumed incoming strings were UTF-8 and failed to transcode from non-UTF-8 encodings. This can lead to a crash when receiving strings that aren't UTF-8 (CVE-2012-6152).
A remote XMPP user can trigger a crash on some systems by sending a message with a timestamp in the distant future (CVE-2013-6477).
libX11 forcefully exits causing a crash when Pidgin tries to create an exceptionally wide tooltip window when hovering the pointer over a long URL (CVE-2013-6478).
A malicious server or man-in-the-middle could send a malformed HTTP response that could lead to a crash (CVE-2013-6479).
The Yahoo! protocol plugin failed to validate a length field before trying to read from a buffer, which could result in reading past the end of the buffer which could cause a crash when reading a P2P message (CVE-2013-6481).
NULL pointer dereferences in the MSN protocol plugin due to a malformed Content-Length header, or a malicious server or man-in-the-middle sending a specially crafted OIM data XML response or SOAP response (CVE-2013-6482).
The XMPP protocol plugin failed to ensure that iq replies came from the person they were sent to. A remote user could send a spoofed iq reply and attempt to guess the iq id. This could allow an attacker to inject fake data or trigger a null pointer dereference (CVE-2013-6483).
Incorrect error handling when reading the response from a STUN server could lead to a crash (CVE-2013-6484).
A malicious server or man-in-the-middle could cause a buffer overflow by sending a malformed HTTP response with chunked Transfer-Encoding with invalid chunk sizes (CVE-2013-6485).
A malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow which could lead to a buffer overflow in Gadu-Gadu HTTP parsing (CVE-2013-6487).
A specially crafted emoticon value could cause an integer overflow which could lead to a buffer overflow in MXit emoticon parsing (CVE-2013-6489).
A Content-Length of -1 could lead to a buffer overflow in SIMPLE header parsing (CVE-2013-6490).
A malicious server or man-in-the-middle could trigger a crash in IRC argument parsing in libpurple by sending a message with fewer than expected arguments (CVE-2014-0020).
- References
-
- https://advisories.mageia.org/MGASA-2014-0034.html
- https://bugs.mageia.org/show_bug.cgi?id=12468
- http://pidgin.im/news/security/?id=70
- http://pidgin.im/news/security/?id=71
- http://pidgin.im/news/security/?id=72
- http://pidgin.im/news/security/?id=73
- http://pidgin.im/news/security/?id=74
- http://pidgin.im/news/security/?id=75
- http://pidgin.im/news/security/?id=76
- http://pidgin.im/news/security/?id=77
- http://pidgin.im/news/security/?id=78
- http://pidgin.im/news/security/?id=79
- http://pidgin.im/news/security/?id=80
- http://pidgin.im/news/security/?id=82
- http://pidgin.im/news/security/?id=83
- http://pidgin.im/news/security/?id=84
- http://pidgin.im/news/security/?id=85
- https://developer.pidgin.im/wiki/ChangeLog
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:3 / pidgin
Package
- Name
- pidgin
- Purl
- pkg:rpm/mageia/pidgin?distro=mageia-3