CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
96.6%
Jan Wagner uploaded a new package for pidgin which fixed the following
security problem:
CVE-2010-0277[2] and Debian Bug #566775[3]
It was discovered that that slp.c in the MSN protocol plugin in libpurple in
Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact via
unknown vectors, a different issue than CVE-2010-0013.
CVE-2010-0420[4]
Fixes a remote Finch XMPP crash.
CVE-2010-0423[5]
Fixes a remote smiley freeze/CPU pegging DoS.
For the sid distribution the problem has been fixed in
version 2.6.6-1.
If you don't use pinning (see [1]) you have to update pidgin
manually via "apt-get -t lenny-backports install pidgin".
We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically:
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
[2] http://security-tracker.debian.org/tracker/CVE-2010-0277
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566775
[4] http://security-tracker.debian.org/tracker/CVE-2010-0420
[5] http://security-tracker.debian.org/tracker/CVE-2010-0423
Attachment:
signature.asc
Description: This is a digitally signed message part.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 999 | sh4 | pidgin-dbg | < 2.6.6-1 | pidgin-dbg_2.6.6-1_sh4.deb |
Debian | 999 | hppa | libpurple0 | < 2.6.6-1 | libpurple0_2.6.6-1_hppa.deb |
Debian | 999 | powerpc | pidgin | < 2.6.6-1 | pidgin_2.6.6-1_powerpc.deb |
Debian | 999 | sh4 | libpurple0 | < 2.6.6-1 | libpurple0_2.6.6-1_sh4.deb |
Debian | 999 | i386 | libpurple0 | < 2.6.6-1 | libpurple0_2.6.6-1_i386.deb |
Debian | 999 | s390 | libpurple0 | < 2.6.6-1 | libpurple0_2.6.6-1_s390.deb |
Debian | 999 | hppa | pidgin | < 2.6.6-1 | pidgin_2.6.6-1_hppa.deb |
Debian | 5 | all | finch-dev | < 2.4.3-4lenny6 | finch-dev_2.4.3-4lenny6_all.deb |
Debian | 999 | hppa | pidgin-dbg | < 2.6.6-1 | pidgin-dbg_2.6.6-1_hppa.deb |
Debian | 999 | kfreebsd-i386 | pidgin-dbg | < 2.6.6-1 | pidgin-dbg_2.6.6-1_kfreebsd-i386.deb |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
96.6%