Upstream information

CVE-2008-2955 at MITRE

Description

Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.3
Vector AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entries: 404163 [RESOLVED / FIXED], 406416 [RESOLVED / FIXED], 503447 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP4
  • finch >= 2.6.6-0.25.2
  • finch-devel >= 2.6.6-0.25.2
  • libpurple >= 2.6.6-0.25.2
  • libpurple-devel >= 2.6.6-0.25.2
  • libpurple-lang >= 2.6.6-0.25.2
  • pidgin >= 2.6.6-0.25.2
  • pidgin-devel >= 2.6.6-0.25.2
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA finch
SUSE Linux Enterprise SDK 10 SP2
  • finch >= 2.3.1-10.9
  • finch-devel >= 2.3.1-10.9
  • libpurple >= 2.3.1-10.9
  • libpurple-devel >= 2.3.1-10.9
  • pidgin >= 2.3.1-10.9
  • pidgin-devel >= 2.3.1-10.9
sled10-sp2.x86
sles10-sp2-debuginfo.ia64
sle10-sp2-sdk.ia64
sles10-sp2-debuginfo.ppc
sle10-sp2-sdk.s390x
sle10-sp2-sdk.x86
sles10-sp2-debuginfo.x86
sled10-sp2.x86-64
sle10-sp2-sdk.ppc
sle10-sp2-sdk.x86-64
sles10-sp2-debuginfo.x86-64
sles10-sp2-debuginfo.s390x
ZYPP Patch Nr: 5573
openSUSE 11.0
  • pidgin-debuginfo >= 2.4.1-28.4
  • pidgin-debugsource >= 2.4.1-28.4
openSUSE 11.0
  • finch >= 2.4.1-28.4
  • finch-devel >= 2.4.1-28.4
  • libpurple >= 2.4.1-28.4
  • libpurple-devel >= 2.4.1-28.4
  • libpurple-meanwhile >= 2.4.1-28.4
  • libpurple-mono >= 2.4.1-28.4
  • pidgin >= 2.4.1-28.4
  • pidgin-devel >= 2.4.1-28.4