CVE-2013-0272

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-0272 at MITRE

Description

Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

SUSE information

SUSE Bugzilla entry: 804742

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP2
  • finch >= 2.6.6-0.19.1
  • libpurple >= 2.6.6-0.19.1
  • libpurple-lang >= 2.6.6-0.19.1
  • libpurple-meanwhile >= 2.6.6-0.19.1
  • libpurple-tcl >= 2.6.6-0.19.1
  • pidgin >= 2.6.6-0.19.1
Patchnames:
sledsp2-finch
SUSE Linux Enterprise Software Development Kit 11 SP2
  • finch >= 2.6.6-0.19.1
  • finch-devel >= 2.6.6-0.19.1
  • libpurple >= 2.6.6-0.19.1
  • libpurple-devel >= 2.6.6-0.19.1
  • libpurple-lang >= 2.6.6-0.19.1
  • pidgin >= 2.6.6-0.19.1
  • pidgin-devel >= 2.6.6-0.19.1
Patchnames:
sdksp2-finch
SUSE Linux Enterprise Software Development Kit 11 SP2
  • finch >= 2.6.6-0.19.1
  • finch-devel >= 2.6.6-0.19.1
  • libpurple >= 2.6.6-0.19.1
  • libpurple-devel >= 2.6.6-0.19.1
  • libpurple-lang >= 2.6.6-0.19.1
  • pidgin >= 2.6.6-0.19.1
  • pidgin-devel >= 2.6.6-0.19.1
Builds
SAT Patch Nr: 7429
SUSE Linux Enterprise Desktop 11 SP2
  • finch >= 2.6.6-0.19.1
  • libpurple >= 2.6.6-0.19.1
  • libpurple-lang >= 2.6.6-0.19.1
  • libpurple-meanwhile >= 2.6.6-0.19.1
  • libpurple-tcl >= 2.6.6-0.19.1
  • pidgin >= 2.6.6-0.19.1
Builds
SAT Patch Nr: 7429
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP4 for x86
  • finch >= 2.6.6-0.20.1
  • libpurple >= 2.6.6-0.20.1
  • pidgin >= 2.6.6-0.20.1
Builds
ZYPP Patch Nr: 8475
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries
SLE SDK 10 SP4 for IBM zSeries
SLE SDK 10 SP4 for IPF
SLE SDK 10 SP4 for X86-64
SLE SDK 10 SP4 for x86
  • finch >= 2.6.6-0.20.1
  • finch-devel >= 2.6.6-0.20.1
  • libpurple >= 2.6.6-0.20.1
  • libpurple-devel >= 2.6.6-0.20.1
  • pidgin >= 2.6.6-0.20.1
  • pidgin-devel >= 2.6.6-0.20.1
Builds
ZYPP Patch Nr: 8475
openSUSE 12.3
  • finch >= 2.10.7-4.4.1
  • finch-debuginfo >= 2.10.7-4.4.1
  • finch-devel >= 2.10.7-4.4.1
  • libpurple >= 2.10.7-4.4.1
  • libpurple-branding-upstream >= 2.10.7-4.4.1
  • libpurple-debuginfo >= 2.10.7-4.4.1
  • libpurple-devel >= 2.10.7-4.4.1
  • libpurple-lang >= 2.10.7-4.4.1
  • libpurple-meanwhile >= 2.10.7-4.4.1
  • libpurple-meanwhile-debuginfo >= 2.10.7-4.4.1
  • libpurple-tcl >= 2.10.7-4.4.1
  • libpurple-tcl-debuginfo >= 2.10.7-4.4.1
  • pidgin >= 2.10.7-4.4.1
  • pidgin-debuginfo >= 2.10.7-4.4.1
  • pidgin-debugsource >= 2.10.7-4.4.1
  • pidgin-devel >= 2.10.7-4.4.1
Patchnames:
openSUSE-2013-231
openSUSE Evergreen 11.4
  • finch >= 2.7.10-4.53.1
  • finch-debuginfo >= 2.7.10-4.53.1
  • finch-devel >= 2.7.10-4.53.1
  • libpurple >= 2.7.10-4.53.1
  • libpurple-debuginfo >= 2.7.10-4.53.1
  • libpurple-devel >= 2.7.10-4.53.1
  • libpurple-lang >= 2.7.10-4.53.1
  • libpurple-meanwhile >= 2.7.10-4.53.1
  • libpurple-meanwhile-debuginfo >= 2.7.10-4.53.1
  • libpurple-tcl >= 2.7.10-4.53.1
  • libpurple-tcl-debuginfo >= 2.7.10-4.53.1
  • pidgin >= 2.7.10-4.53.1
  • pidgin-debuginfo >= 2.7.10-4.53.1
  • pidgin-debugsource >= 2.7.10-4.53.1
  • pidgin-devel >= 2.7.10-4.53.1
  • pidgin-evolution >= 2.7.10-4.53.1
  • pidgin-evolution-debuginfo >= 2.7.10-4.53.1
Patchnames:
2013-35