Summary
Ubuntu Update for Linux kernel vulnerabilities USN-902-1
Solution
Please Install the Updated Packages.
Insight
Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0277)
Sadrul Habib Chowdhury discovered that Pidgin incorrectly handled certain nicknames in Finch group chat rooms. A remote attacker could use a specially crafted nickname and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0420)
Antti Hayrynen discovered that Pidgin incorrectly handled large numbers of smileys. A remote attacker could send a specially crafted message and cause Pidgin to become unresponsive, leading to a denial of service.
(CVE-2010-0423)
Affected
pidgin vulnerabilities on Ubuntu 8.04 LTS ,
Ubuntu 8.10 ,
Ubuntu 9.04 ,
Ubuntu 9.10
Severity
Classification
-
CVE CVE-2010-0277, CVE-2010-0420, CVE-2010-0423 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities