Upstream information

CVE-2012-3374 at MITRE

Description

Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.48
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 770304 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • finch >= 2.10.9-5.15
  • libpurple >= 2.10.9-5.15
  • libpurple-lang >= 2.10.9-5.15
  • libpurple-meanwhile >= 2.10.9-5.15
  • libpurple-tcl >= 2.10.9-5.15
  • pidgin >= 2.10.9-5.15
Patchnames:
SUSE Linux Enterprise Desktop 12 GA finch
SUSE Linux Enterprise Desktop 12 SP1
  • finch >= 2.10.9-8.1
  • libpurple >= 2.10.9-8.1
  • libpurple-lang >= 2.10.9-8.1
  • libpurple-meanwhile >= 2.10.9-8.1
  • libpurple-tcl >= 2.10.9-8.1
  • pidgin >= 2.10.9-8.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA finch
SUSE Linux Enterprise Desktop 12 SP2
  • finch >= 2.11.0-12.5
  • libpurple >= 2.11.0-12.5
  • libpurple-lang >= 2.11.0-12.5
  • libpurple-meanwhile >= 2.11.0-12.5
  • libpurple-tcl >= 2.11.0-12.5
  • pidgin >= 2.11.0-12.5
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA finch
SUSE Linux Enterprise Software Development Kit 11 SP4
  • finch >= 2.6.6-0.25.2
  • finch-devel >= 2.6.6-0.25.2
  • libpurple >= 2.6.6-0.25.2
  • libpurple-devel >= 2.6.6-0.25.2
  • libpurple-lang >= 2.6.6-0.25.2
  • pidgin >= 2.6.6-0.25.2
  • pidgin-devel >= 2.6.6-0.25.2
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA finch
SUSE Linux Enterprise Software Development Kit 12
  • finch-devel >= 2.10.9-5.15
  • libpurple >= 2.10.9-5.15
  • libpurple-devel >= 2.10.9-5.15
  • libpurple-lang >= 2.10.9-5.15
  • pidgin-devel >= 2.10.9-5.15
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA finch-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • finch-devel >= 2.10.9-8.1
  • libpurple >= 2.10.9-8.1
  • libpurple-devel >= 2.10.9-8.1
  • libpurple-lang >= 2.10.9-8.1
  • pidgin-devel >= 2.10.9-8.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA finch-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • finch-devel >= 2.11.0-12.5
  • libpurple >= 2.11.0-12.5
  • libpurple-devel >= 2.11.0-12.5
  • libpurple-lang >= 2.11.0-12.5
  • pidgin-devel >= 2.11.0-12.5
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA finch-devel
SUSE Linux Enterprise Workstation Extension 12
  • finch >= 2.10.9-5.15
  • libpurple >= 2.10.9-5.15
  • libpurple-lang >= 2.10.9-5.15
  • libpurple-meanwhile >= 2.10.9-5.15
  • libpurple-tcl >= 2.10.9-5.15
  • pidgin >= 2.10.9-5.15
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 GA finch
SUSE Linux Enterprise Workstation Extension 12 SP1
  • finch >= 2.10.9-8.1
  • libpurple >= 2.10.9-8.1
  • libpurple-lang >= 2.10.9-8.1
  • libpurple-meanwhile >= 2.10.9-8.1
  • libpurple-tcl >= 2.10.9-8.1
  • pidgin >= 2.10.9-8.1
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP1 GA finch
SUSE Linux Enterprise Workstation Extension 12 SP2
  • finch >= 2.11.0-12.5
  • libpurple >= 2.11.0-12.5
  • libpurple-lang >= 2.11.0-12.5
  • libpurple-meanwhile >= 2.11.0-12.5
  • libpurple-tcl >= 2.11.0-12.5
  • pidgin >= 2.11.0-12.5
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP2 GA finch
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP4 for x86
  • finch >= 2.6.6-0.18.1
  • libpurple >= 2.6.6-0.18.1
  • pidgin >= 2.6.6-0.18.1
Builds
ZYPP Patch Nr: 8220
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries
SLE SDK 10 SP4 for IBM zSeries
SLE SDK 10 SP4 for IPF
SLE SDK 10 SP4 for X86-64
SLE SDK 10 SP4 for x86
  • finch >= 2.6.6-0.18.1
  • finch-devel >= 2.6.6-0.18.1
  • libpurple >= 2.6.6-0.18.1
  • libpurple-devel >= 2.6.6-0.18.1
  • pidgin >= 2.6.6-0.18.1
  • pidgin-devel >= 2.6.6-0.18.1
Builds
ZYPP Patch Nr: 8220
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Software Development Kit 11 SP2
  • finch >= 2.6.6-0.17.1
  • finch-devel >= 2.6.6-0.17.1
  • libpurple >= 2.6.6-0.17.1
  • libpurple-devel >= 2.6.6-0.17.1
  • libpurple-lang >= 2.6.6-0.17.1
  • pidgin >= 2.6.6-0.17.1
  • pidgin-devel >= 2.6.6-0.17.1
Builds
SAT Patch Nr: 6534
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
  • finch >= 2.6.6-0.17.1
  • libpurple >= 2.6.6-0.17.1
  • libpurple-lang >= 2.6.6-0.17.1
  • libpurple-meanwhile >= 2.6.6-0.17.1
  • libpurple-tcl >= 2.6.6-0.17.1
  • pidgin >= 2.6.6-0.17.1
Builds
SAT Patch Nr: 6534
openSUSE 13.2
  • libpurple >= 2.10.9-5.1.4
  • libpurple-meanwhile >= 2.10.9-5.1.4
  • libpurple-tcl >= 2.10.9-5.1.4
  • pidgin >= 2.10.9-5.1.4
Patchnames:
openSUSE 13.2 GA libpurple
openSUSE Leap 42.1
  • libpurple >= 2.10.11-4.3
  • libpurple-lang >= 2.10.11-4.3
  • libpurple-meanwhile >= 2.10.11-4.3
  • libpurple-tcl >= 2.10.11-4.3
  • pidgin >= 2.10.11-4.3
Patchnames:
openSUSE Leap 42.1 GA libpurple
openSUSE Leap 42.2
  • libpurple >= 2.10.11-7.1
  • libpurple-lang >= 2.10.11-7.1
  • libpurple-meanwhile >= 2.10.11-7.1
  • libpurple-tcl >= 2.10.11-7.1
  • pidgin >= 2.10.11-7.1
Patchnames:
openSUSE Leap 42.2 GA libpurple
openSUSE Tumbleweed
  • finch >= 2.11.0-4.1
  • finch-devel >= 2.11.0-4.1
  • libpurple >= 2.11.0-4.1
  • libpurple-branding-upstream >= 2.11.0-4.1
  • libpurple-devel >= 2.11.0-4.1
  • libpurple-lang >= 2.11.0-4.1
  • libpurple-plugin-sametime >= 2.11.0-4.1
  • libpurple-tcl >= 2.11.0-4.1
  • pidgin >= 2.11.0-4.1
  • pidgin-devel >= 2.11.0-4.1
Patchnames:
openSUSE Tumbleweed GA finch