DebianDEBIAN:62CFE81ECCDE667CCD60DCF5E608483B:E953F[Backports-security-announce] Security Update for pidgin
EPSS
Percentile
94.1%
Jan Wagner uploaded a new package for pidgin which fixed the following
security problem:
CVE-2010-0013[1] and Debian Bug #563206[2]
It was discovered that Pidgin did not properly handle custom smiley
requests in the MSN protocol handler. A remote attacker could send a
specially crafted filename in a custom smiley request and obtain arbitrary
files via directory traversal.
For the lenny distribution the problem has been fixed soon in
version 2.4.3-4lenny5.
For the sid distribution the problem has been fixed in
version 2.6.5-2.
Upgrade instructions
If you don't use pinning (see [1]) you have to update nagios3
manually via "apt-get -t etch-backports install nagios".
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically:
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
[1] http://security-tracker.debian.org/tracker/CVE-2010-0013
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563206
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 5 | all | pidgin | < 2.4.3-4lenny5 | pidgin_2.4.3-4lenny5_all.deb |
| Debian | 5 | all | finch-dev | < 2.4.3-4lenny5 | finch-dev_2.4.3-4lenny5_all.deb |
| Debian | 5 | all | libpurple0 | < 2.4.3-4lenny5 | libpurple0_2.4.3-4lenny5_all.deb |
| Debian | 5 | all | libpurple-bin | < 2.4.3-4lenny5 | libpurple-bin_2.4.3-4lenny5_all.deb |
| Debian | 5 | all | pidgin-data | < 2.4.3-4lenny5 | pidgin-data_2.4.3-4lenny5_all.deb |
| Debian | 5 | all | finch | < 2.4.3-4lenny5 | finch_2.4.3-4lenny5_all.deb |
| Debian | 5 | all | libpurple-dev | < 2.4.3-4lenny5 | libpurple-dev_2.4.3-4lenny5_all.deb |
| Debian | 5 | all | pidgin-dev | < 2.4.3-4lenny5 | pidgin-dev_2.4.3-4lenny5_all.deb |
| Debian | 5 | all | pidgin-dbg | < 2.4.3-4lenny5 | pidgin-dbg_2.4.3-4lenny5_all.deb |
Related
