SUSE-SU-2014:1623-1: moderate: Security update for pidgin
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Thu Dec 11 17:04:43 MST 2014
SUSE Security Update: Security update for pidgin
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:1623-1
Rating: moderate
References: #902408 #902409 #902410
Cross-References: CVE-2014-3695 CVE-2014-3696 CVE-2014-3698
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This pidgin update fixes the following security issues:
* bnc#902408: remote information leak via crafted XMPP message
(CVE-2014-3698)
* bnc#902410: denial of service parsing Groupwise server message
(CVE-2014-3696)
* bnc#902409: crash in MXit protocol plug-in (CVE-2014-3695)
Security Issues:
* CVE-2014-3698
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3698>
* CVE-2014-3696
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3696>
* CVE-2014-3695
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3695>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-finch-10078
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-finch-10078
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
finch-2.6.6-0.25.2
finch-devel-2.6.6-0.25.2
libpurple-2.6.6-0.25.2
libpurple-devel-2.6.6-0.25.2
libpurple-lang-2.6.6-0.25.2
pidgin-2.6.6-0.25.2
pidgin-devel-2.6.6-0.25.2
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
finch-2.6.6-0.25.2
libpurple-2.6.6-0.25.2
libpurple-lang-2.6.6-0.25.2
libpurple-meanwhile-2.6.6-0.25.2
libpurple-tcl-2.6.6-0.25.2
pidgin-2.6.6-0.25.2
References:
http://support.novell.com/security/cve/CVE-2014-3695.html
http://support.novell.com/security/cve/CVE-2014-3696.html
http://support.novell.com/security/cve/CVE-2014-3698.html
https://bugzilla.suse.com/show_bug.cgi?id=902408
https://bugzilla.suse.com/show_bug.cgi?id=902409
https://bugzilla.suse.com/show_bug.cgi?id=902410
http://download.suse.com/patch/finder/?keywords=b42c0aeceaaa9ff5f85df2d7207116a2
More information about the sle-updates
mailing list