MGASA-2017-0102: pidgin-2.12.0-1.mga5
type: security
subject: Updated pidgin packages fix security vulnerability
CVE:
 - CVE-2017-2640
src:
  5:
   core:
     - pidgin-2.12.0-1.mga5
description: |
  A server controlled by an attacker can send invalid XML that can
  trigger an out-of-bounds memory access. This might lead to a crash or, in
  some extreme cases, to remote code execution on the client side
  (CVE-2017-2640).

  The pidgin package has been updated to version 2.12.0, which fixes this
  issue and other bugs, including certificate validation for the Google Talk
  protocol. It also removes protocol plugins for services that are no longer
  available or supported. See the upstream ChangeLog for details.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20442
 - http://pidgin.im/news/security/?id=109
 - https://bitbucket.org/pidgin/www/src/tip/htdocs/ChangeLog?fileviewer=file-view-default
 - https://www.debian.org/security/2017/dsa-3806
ID: MGASA-2017-0102