Security update for pidgin

SUSE Security Update: Security update for pidgin
Announcement ID: SUSE-SU-2014:1615-1
Rating: moderate
References: #902408 #902409 #902410
Affected Products:
  • SUSE Linux Enterprise Workstation Extension 12
  • SUSE Linux Enterprise Software Development Kit 12
  • SUSE Linux Enterprise Desktop 12

  • An update that fixes three vulnerabilities is now available.

    Description:

    This pidgin security update fixes the following issues:

    - bnc#902408: remote information leak via crafted XMPP message.
    (CVE-2014-3698)
    - bnc#902410: denial of service parsing Groupwise server message.
    (CVE-2014-3696)
    - bnc#902409: crash in MXit protocol plug-in. (CVE-2014-3695)

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Workstation Extension 12:
      zypper in -t patch SUSE-SLE-WE-12-2014-107
    • SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2014-107
    • SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2014-107

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Workstation Extension 12 (x86_64):
      • finch-2.10.9-8.1
      • finch-debuginfo-2.10.9-8.1
      • libpurple-2.10.9-8.1
      • libpurple-debuginfo-2.10.9-8.1
      • libpurple-meanwhile-2.10.9-8.1
      • libpurple-meanwhile-debuginfo-2.10.9-8.1
      • libpurple-tcl-2.10.9-8.1
      • libpurple-tcl-debuginfo-2.10.9-8.1
      • pidgin-2.10.9-8.1
      • pidgin-debuginfo-2.10.9-8.1
      • pidgin-debugsource-2.10.9-8.1
    • SUSE Linux Enterprise Workstation Extension 12 (noarch):
      • libpurple-lang-2.10.9-8.1
    • SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      • finch-devel-2.10.9-8.1
      • libpurple-2.10.9-8.1
      • libpurple-debuginfo-2.10.9-8.1
      • libpurple-devel-2.10.9-8.1
      • pidgin-debuginfo-2.10.9-8.1
      • pidgin-debugsource-2.10.9-8.1
      • pidgin-devel-2.10.9-8.1
    • SUSE Linux Enterprise Software Development Kit 12 (noarch):
      • libpurple-lang-2.10.9-8.1
    • SUSE Linux Enterprise Desktop 12 (x86_64):
      • finch-2.10.9-8.1
      • finch-debuginfo-2.10.9-8.1
      • libpurple-2.10.9-8.1
      • libpurple-debuginfo-2.10.9-8.1
      • libpurple-meanwhile-2.10.9-8.1
      • libpurple-meanwhile-debuginfo-2.10.9-8.1
      • libpurple-tcl-2.10.9-8.1
      • libpurple-tcl-debuginfo-2.10.9-8.1
      • pidgin-2.10.9-8.1
      • pidgin-debuginfo-2.10.9-8.1
      • pidgin-debugsource-2.10.9-8.1
    • SUSE Linux Enterprise Desktop 12 (noarch):
      • libpurple-lang-2.10.9-8.1

    References:

    • http://support.novell.com/security/cve/CVE-2014-3695.html
    • http://support.novell.com/security/cve/CVE-2014-3696.html
    • http://support.novell.com/security/cve/CVE-2014-3698.html
    • https://bugzilla.suse.com/show_bug.cgi?id=902408
    • https://bugzilla.suse.com/show_bug.cgi?id=902409
    • https://bugzilla.suse.com/show_bug.cgi?id=902410