CVE-2013-6490

Upstream information

CVE-2013-6490 at MITRE

Description

The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entry: 861019 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SU-2014:0702-1, published Thu May 22 15:04:11 MDT 2014

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 11 SP3	`finch >= 2.6.6-0.23.1` `libpurple >= 2.6.6-0.23.1` `libpurple-lang >= 2.6.6-0.23.1` `libpurple-meanwhile >= 2.6.6-0.23.1` `libpurple-tcl >= 2.6.6-0.23.1` `pidgin >= 2.6.6-0.23.1`	Patchnames: sledsp3-finch
SUSE Linux Enterprise Software Development Kit 11 SP3	`finch >= 2.6.6-0.23.1` `finch-devel >= 2.6.6-0.23.1` `libpurple >= 2.6.6-0.23.1` `libpurple-devel >= 2.6.6-0.23.1` `libpurple-lang >= 2.6.6-0.23.1` `pidgin >= 2.6.6-0.23.1` `pidgin-devel >= 2.6.6-0.23.1`	Patchnames: sdksp3-finch
SUSE Linux Enterprise Software Development Kit 11 SP4	`finch >= 2.6.6-0.25.2` `finch-devel >= 2.6.6-0.25.2` `libpurple >= 2.6.6-0.25.2` `libpurple-devel >= 2.6.6-0.25.2` `libpurple-lang >= 2.6.6-0.25.2` `pidgin >= 2.6.6-0.25.2` `pidgin-devel >= 2.6.6-0.25.2`

Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.