Upstream information

CVE-2010-2528 at MITRE

Description

The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4
Vector AV:N/AC:L/Au:S/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 630965 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12 SP1
  • finch >= 2.10.9-8.1
  • finch-devel >= 2.10.9-8.1
  • libpurple >= 2.10.9-8.1
  • libpurple-devel >= 2.10.9-8.1
  • libpurple-lang >= 2.10.9-8.1
  • libpurple-meanwhile >= 2.10.9-8.1
  • libpurple-tcl >= 2.10.9-8.1
  • pidgin >= 2.10.9-8.1
  • pidgin-devel >= 2.10.9-8.1
 Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA finch-2.10.9-8.1
SUSE Linux Enterprise Software Development Kit 12 SP1 GA finch-devel-2.10.9-8.1
SUSE Linux Enterprise Workstation Extension 12 SP1 GA finch-2.10.9-8.1
SUSE Linux Enterprise Desktop 12 SP2
  • finch >= 2.11.0-12.5
  • finch-devel >= 2.11.0-12.5
  • libpurple >= 2.11.0-12.5
  • libpurple-devel >= 2.11.0-12.5
  • libpurple-lang >= 2.11.0-12.5
  • libpurple-meanwhile >= 2.11.0-12.5
  • libpurple-tcl >= 2.11.0-12.5
  • pidgin >= 2.11.0-12.5
  • pidgin-devel >= 2.11.0-12.5
 Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA finch-2.11.0-12.5
SUSE Linux Enterprise Software Development Kit 12 SP2 GA finch-devel-2.11.0-12.5
SUSE Linux Enterprise Workstation Extension 12 SP2 GA finch-2.11.0-12.5
SUSE Linux Enterprise Desktop 12 SP3
  • finch >= 2.12.0-1.33
  • finch-devel >= 2.12.0-1.33
  • libpurple >= 2.12.0-1.33
  • libpurple-branding-upstream >= 2.12.0-1.33
  • libpurple-devel >= 2.12.0-1.33
  • libpurple-lang >= 2.12.0-1.33
  • libpurple-plugin-sametime >= 2.12.0-1.33
  • libpurple-tcl >= 2.12.0-1.33
  • pidgin >= 2.12.0-1.33
  • pidgin-devel >= 2.12.0-1.33
 Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA finch-2.12.0-1.33
SUSE Linux Enterprise Software Development Kit 12 SP3 GA finch-devel-2.12.0-1.33
SUSE Linux Enterprise Workstation Extension 12 SP3 GA finch-2.12.0-1.33
SUSE Linux Enterprise Desktop 12 SP4
  • finch >= 2.12.0-3.3.1
  • finch-devel >= 2.12.0-3.3.1
  • libpurple >= 2.12.0-3.3.1
  • libpurple-branding-upstream >= 2.12.0-3.3.1
  • libpurple-devel >= 2.12.0-3.3.1
  • libpurple-lang >= 2.12.0-3.3.1
  • libpurple-plugin-sametime >= 2.12.0-3.3.1
  • libpurple-tcl >= 2.12.0-3.3.1
  • pidgin >= 2.12.0-3.3.1
  • pidgin-devel >= 2.12.0-3.3.1
 Patchnames:
SUSE Linux Enterprise Desktop 12 SP4 GA finch-2.12.0-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP4 GA finch-devel-2.12.0-3.3.1
SUSE Linux Enterprise Workstation Extension 12 SP4 GA finch-2.12.0-3.3.1
SUSE Linux Enterprise Desktop 12
  • finch >= 2.10.9-5.15
  • finch-devel >= 2.10.9-5.15
  • libpurple >= 2.10.9-5.15
  • libpurple-devel >= 2.10.9-5.15
  • libpurple-lang >= 2.10.9-5.15
  • libpurple-meanwhile >= 2.10.9-5.15
  • libpurple-tcl >= 2.10.9-5.15
  • pidgin >= 2.10.9-5.15
  • pidgin-devel >= 2.10.9-5.15
 Patchnames:
SUSE Linux Enterprise Desktop 12 GA finch-2.10.9-5.15
SUSE Linux Enterprise Software Development Kit 12 GA finch-devel-2.10.9-5.15
SUSE Linux Enterprise Workstation Extension 12 GA finch-2.10.9-5.15
SUSE Linux Enterprise Desktop 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Workstation Extension 15 SP1
  • libpurple >= 2.13.0-3.35
  • libpurple-branding-upstream >= 2.13.0-3.35
  • libpurple-devel >= 2.13.0-3.35
  • libpurple-lang >= 2.13.0-3.35
  • libpurple-plugin-sametime >= 2.13.0-3.35
  • pidgin >= 2.13.0-3.35
  • pidgin-devel >= 2.13.0-3.35
 Patchnames:
SUSE Linux Enterprise Workstation Extension 15 SP1 GA libpurple-2.13.0-3.35
SUSE Linux Enterprise Desktop 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Workstation Extension 15
  • libpurple >= 2.13.0-3.35
  • libpurple-branding-upstream >= 2.13.0-3.35
  • libpurple-devel >= 2.13.0-3.35
  • libpurple-lang >= 2.13.0-3.35
  • libpurple-plugin-sametime >= 2.13.0-3.35
  • pidgin >= 2.13.0-3.35
  • pidgin-devel >= 2.13.0-3.35
 Patchnames:
SUSE Linux Enterprise Workstation Extension 15 GA libpurple-2.13.0-3.35
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
  • finch >= 2.10.9-8.1
  • finch-devel >= 2.10.9-8.1
  • libpurple >= 2.10.9-8.1
  • libpurple-devel >= 2.10.9-8.1
  • libpurple-lang >= 2.10.9-8.1
  • libpurple-meanwhile >= 2.10.9-8.1
  • libpurple-tcl >= 2.10.9-8.1
  • pidgin >= 2.10.9-8.1
  • pidgin-devel >= 2.10.9-8.1
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA finch-devel-2.10.9-8.1
SUSE Linux Enterprise Workstation Extension 12 SP1 GA finch-2.10.9-8.1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • finch >= 2.11.0-12.5
  • finch-devel >= 2.11.0-12.5
  • libpurple >= 2.11.0-12.5
  • libpurple-devel >= 2.11.0-12.5
  • libpurple-lang >= 2.11.0-12.5
  • libpurple-meanwhile >= 2.11.0-12.5
  • libpurple-tcl >= 2.11.0-12.5
  • pidgin >= 2.11.0-12.5
  • pidgin-devel >= 2.11.0-12.5
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA finch-devel-2.11.0-12.5
SUSE Linux Enterprise Workstation Extension 12 SP2 GA finch-2.11.0-12.5
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • finch >= 2.12.0-1.33
  • finch-devel >= 2.12.0-1.33
  • libpurple >= 2.12.0-1.33
  • libpurple-branding-upstream >= 2.12.0-1.33
  • libpurple-devel >= 2.12.0-1.33
  • libpurple-lang >= 2.12.0-1.33
  • libpurple-plugin-sametime >= 2.12.0-1.33
  • libpurple-tcl >= 2.12.0-1.33
  • pidgin >= 2.12.0-1.33
  • pidgin-devel >= 2.12.0-1.33
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA finch-devel-2.12.0-1.33
SUSE Linux Enterprise Workstation Extension 12 SP3 GA finch-2.12.0-1.33
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP4
  • finch >= 2.12.0-3.3.1
  • finch-devel >= 2.12.0-3.3.1
  • libpurple >= 2.12.0-3.3.1
  • libpurple-branding-upstream >= 2.12.0-3.3.1
  • libpurple-devel >= 2.12.0-3.3.1
  • libpurple-lang >= 2.12.0-3.3.1
  • libpurple-plugin-sametime >= 2.12.0-3.3.1
  • libpurple-tcl >= 2.12.0-3.3.1
  • pidgin >= 2.12.0-3.3.1
  • pidgin-devel >= 2.12.0-3.3.1
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP4 GA finch-devel-2.12.0-3.3.1
SUSE Linux Enterprise Workstation Extension 12 SP4 GA finch-2.12.0-3.3.1
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • finch >= 2.12.0-3.3.1
  • finch-devel >= 2.12.0-3.3.1
  • libpurple >= 2.12.0-3.3.1
  • libpurple-branding-upstream >= 2.12.0-3.3.1
  • libpurple-devel >= 2.12.0-3.3.1
  • libpurple-lang >= 2.12.0-3.3.1
  • libpurple-plugin-sametime >= 2.12.0-3.3.1
  • libpurple-tcl >= 2.12.0-3.3.1
  • pidgin >= 2.12.0-3.3.1
  • pidgin-devel >= 2.12.0-3.3.1
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP5 GA finch-devel-2.12.0-3.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5 GA finch-2.12.0-3.3.1
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
  • finch >= 2.10.9-5.15
  • finch-devel >= 2.10.9-5.15
  • libpurple >= 2.10.9-5.15
  • libpurple-devel >= 2.10.9-5.15
  • libpurple-lang >= 2.10.9-5.15
  • libpurple-meanwhile >= 2.10.9-5.15
  • libpurple-tcl >= 2.10.9-5.15
  • pidgin >= 2.10.9-5.15
  • pidgin-devel >= 2.10.9-5.15
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA finch-devel-2.10.9-5.15
SUSE Linux Enterprise Workstation Extension 12 GA finch-2.10.9-5.15
SUSE Linux Enterprise Software Development Kit 12 SP1
  • finch-devel >= 2.10.9-8.1
  • libpurple >= 2.10.9-8.1
  • libpurple-devel >= 2.10.9-8.1
  • libpurple-lang >= 2.10.9-8.1
  • pidgin-devel >= 2.10.9-8.1
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA finch-devel-2.10.9-8.1
SUSE Linux Enterprise Software Development Kit 12 SP2
  • finch-devel >= 2.11.0-12.5
  • libpurple >= 2.11.0-12.5
  • libpurple-devel >= 2.11.0-12.5
  • libpurple-lang >= 2.11.0-12.5
  • pidgin-devel >= 2.11.0-12.5
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA finch-devel-2.11.0-12.5
SUSE Linux Enterprise Software Development Kit 12 SP3
  • finch-devel >= 2.12.0-1.33
  • libpurple >= 2.12.0-1.33
  • libpurple-devel >= 2.12.0-1.33
  • libpurple-lang >= 2.12.0-1.33
  • pidgin-devel >= 2.12.0-1.33
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA finch-devel-2.12.0-1.33
SUSE Linux Enterprise Software Development Kit 12 SP4
  • finch-devel >= 2.12.0-3.3.1
  • libpurple >= 2.12.0-3.3.1
  • libpurple-devel >= 2.12.0-3.3.1
  • libpurple-lang >= 2.12.0-3.3.1
  • pidgin-devel >= 2.12.0-3.3.1
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP4 GA finch-devel-2.12.0-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5
  • finch-devel >= 2.12.0-3.3.1
  • libpurple >= 2.12.0-3.3.1
  • libpurple-devel >= 2.12.0-3.3.1
  • libpurple-lang >= 2.12.0-3.3.1
  • pidgin-devel >= 2.12.0-3.3.1
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP5 GA finch-devel-2.12.0-3.3.1
SUSE Linux Enterprise Software Development Kit 12
  • finch-devel >= 2.10.9-5.15
  • libpurple >= 2.10.9-5.15
  • libpurple-devel >= 2.10.9-5.15
  • libpurple-lang >= 2.10.9-5.15
  • pidgin-devel >= 2.10.9-5.15
 Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA finch-devel-2.10.9-5.15
SUSE Linux Enterprise Workstation Extension 12 SP1
  • finch >= 2.10.9-8.1
  • libpurple >= 2.10.9-8.1
  • libpurple-lang >= 2.10.9-8.1
  • libpurple-meanwhile >= 2.10.9-8.1
  • libpurple-tcl >= 2.10.9-8.1
  • pidgin >= 2.10.9-8.1
 Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP1 GA finch-2.10.9-8.1
SUSE Linux Enterprise Workstation Extension 12 SP2
  • finch >= 2.11.0-12.5
  • libpurple >= 2.11.0-12.5
  • libpurple-lang >= 2.11.0-12.5
  • libpurple-meanwhile >= 2.11.0-12.5
  • libpurple-tcl >= 2.11.0-12.5
  • pidgin >= 2.11.0-12.5
 Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP2 GA finch-2.11.0-12.5
SUSE Linux Enterprise Workstation Extension 12 SP3
  • finch >= 2.12.0-1.33
  • libpurple >= 2.12.0-1.33
  • libpurple-branding-upstream >= 2.12.0-1.33
  • libpurple-lang >= 2.12.0-1.33
  • libpurple-plugin-sametime >= 2.12.0-1.33
  • libpurple-tcl >= 2.12.0-1.33
  • pidgin >= 2.12.0-1.33
 Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP3 GA finch-2.12.0-1.33
SUSE Linux Enterprise Workstation Extension 12 SP4
  • finch >= 2.12.0-3.3.1
  • libpurple >= 2.12.0-3.3.1
  • libpurple-branding-upstream >= 2.12.0-3.3.1
  • libpurple-lang >= 2.12.0-3.3.1
  • libpurple-plugin-sametime >= 2.12.0-3.3.1
  • libpurple-tcl >= 2.12.0-3.3.1
  • pidgin >= 2.12.0-3.3.1
 Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP4 GA finch-2.12.0-3.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5
  • finch >= 2.12.0-3.3.1
  • libpurple >= 2.12.0-3.3.1
  • libpurple-branding-upstream >= 2.12.0-3.3.1
  • libpurple-lang >= 2.12.0-3.3.1
  • libpurple-plugin-sametime >= 2.12.0-3.3.1
  • libpurple-tcl >= 2.12.0-3.3.1
  • pidgin >= 2.12.0-3.3.1
 Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP5 GA finch-2.12.0-3.3.1
SUSE Linux Enterprise Workstation Extension 12
  • finch >= 2.10.9-5.15
  • libpurple >= 2.10.9-5.15
  • libpurple-lang >= 2.10.9-5.15
  • libpurple-meanwhile >= 2.10.9-5.15
  • libpurple-tcl >= 2.10.9-5.15
  • pidgin >= 2.10.9-5.15
 Patchnames:
SUSE Linux Enterprise Workstation Extension 12 GA finch-2.10.9-5.15
openSUSE Leap 15.0
  • libpurple >= 2.13.0-lp150.3.1
  • libpurple-lang >= 2.13.0-lp150.3.1
  • libpurple-tcl >= 2.13.0-lp150.3.1
  • pidgin >= 2.13.0-lp150.3.1
 Patchnames:
openSUSE Leap 15.0 GA libpurple-2.13.0-lp150.3.1
openSUSE Tumbleweed
  • finch >= 2.11.0-4.1
  • finch-devel >= 2.11.0-4.1
  • libpurple >= 2.11.0-4.1
  • libpurple-branding-upstream >= 2.11.0-4.1
  • libpurple-devel >= 2.11.0-4.1
  • libpurple-lang >= 2.11.0-4.1
  • libpurple-plugin-sametime >= 2.11.0-4.1
  • libpurple-tcl >= 2.11.0-4.1
  • pidgin >= 2.11.0-4.1
  • pidgin-devel >= 2.11.0-4.1
 Patchnames:
openSUSE-Tumbleweed-2024-10432

SUSE Timeline for this CVE

CVE page created: Tue Jul 9 17:22:52 2013
CVE page last modified: Sat Jun 15 21:17:13 2024