French Security Incident Response Team

Fedora Security Update Fixes Pidgin Invalid HTML Data Denial of Service


Title : Fedora Security Update Fixes Pidgin Invalid HTML Data Denial of Service
Advisory ID : FrSIRT/ADV-2007-3693
CVE ID : CVE-2007-4999
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-02

Advisory Details

 
Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service [...]

Solution

Upgrade the affected packages :


ChangeLog

2007-11-02 : Initial release

Copyright 2003-2008 © FrSIRT.COM