Security update for finch

SUSE Security Update: Security update for finch
Announcement ID: SUSE-SU-2014:0702-1
Rating: moderate
References: #861019
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 11 SP3
  • SUSE Linux Enterprise Desktop 11 SP3
    		•

    An update that fixes 14 vulnerabilities is now available.

    Description:


    The pidgin Instant Messenger has been updated to fix various security
    issues:

    * CVE-2014-0020: Remotely triggerable crash in IRC argument parsing
    * CVE-2013-6490: Buffer overflow in SIMPLE header parsing
    * CVE-2013-6489: Buffer overflow in MXit emoticon parsing
    * CVE-2013-6487: Buffer overflow in Gadu-Gadu HTTP parsing
    * CVE-2013-6486: Pidgin uses clickable links to untrusted executables
    * CVE-2013-6485: Buffer overflow parsing chunked HTTP responses
    * CVE-2013-6484: Crash reading response from STUN server
    * CVE-2013-6483: XMPP doesn't verify 'from' on some iq replies
    * CVE-2013-6482: NULL pointer dereference parsing SOAP data in MSN
    * CVE-2013-6482: NULL pointer dereference parsing OIM data in MSN
    * CVE-2013-6482: NULL pointer dereference parsing headers in MSN
    * CVE-2013-6481: Remote crash reading Yahoo! P2P message
    * CVE-2013-6479: Remote crash parsing HTTP responses
    * CVE-2013-6478: Crash when hovering pointer over a long URL
    * CVE-2013-6477: Crash handling bad XMPP timestamp
    * CVE-2012-6152: Yahoo! remote crash from incorrect character encoding

    Security Issue references:

    * CVE-2014-0020

    * CVE-2013-6490

    * CVE-2013-6489

    * CVE-2013-6487

    * CVE-2013-6486

    * CVE-2013-6485

    * CVE-2013-6484

    * CVE-2013-6483

    * CVE-2013-6482

    * CVE-2013-6481

    * CVE-2013-6479

    * CVE-2013-6478

    * CVE-2013-6477

    * CVE-2012-6152

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 11 SP3:
      zypper in -t patch sdksp3-finch-9213
    • SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-finch-9213

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
      • finch-2.6.6-0.23.1
      • finch-devel-2.6.6-0.23.1
      • libpurple-2.6.6-0.23.1
      • libpurple-devel-2.6.6-0.23.1
      • libpurple-lang-2.6.6-0.23.1
      • pidgin-2.6.6-0.23.1
      • pidgin-devel-2.6.6-0.23.1
    • SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
      • finch-2.6.6-0.23.1
      • libpurple-2.6.6-0.23.1
      • libpurple-lang-2.6.6-0.23.1
      • libpurple-meanwhile-2.6.6-0.23.1
      • libpurple-tcl-2.6.6-0.23.1
      • pidgin-2.6.6-0.23.1

    References:

    • http://support.novell.com/security/cve/CVE-2012-6152.html
    • http://support.novell.com/security/cve/CVE-2013-6477.html
    • http://support.novell.com/security/cve/CVE-2013-6478.html
    • http://support.novell.com/security/cve/CVE-2013-6479.html
    • http://support.novell.com/security/cve/CVE-2013-6481.html
    • http://support.novell.com/security/cve/CVE-2013-6482.html
    • http://support.novell.com/security/cve/CVE-2013-6483.html
    • http://support.novell.com/security/cve/CVE-2013-6484.html
    • http://support.novell.com/security/cve/CVE-2013-6485.html
    • http://support.novell.com/security/cve/CVE-2013-6486.html
    • http://support.novell.com/security/cve/CVE-2013-6487.html
    • http://support.novell.com/security/cve/CVE-2013-6489.html
    • http://support.novell.com/security/cve/CVE-2013-6490.html
    • http://support.novell.com/security/cve/CVE-2014-0020.html
    • https://bugzilla.novell.com/861019
    • http://download.suse.com/patch/finder/?keywords=eceeb6030f253e0d89f34ec993eac991