===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.0626
                          pidgin security update
                               10 March 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           pidgin
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-2640

Original Bulletin:
   https://www.debian.org/security/2017/dsa-3806

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3806-1                   security@debian.org
https://www.debian.org/security/                            Luciano Bello
March 10, 2017                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : pidgin
CVE ID         : CVE-2017-2640

A vulnerability was discovered in Pidgin, a multi-protocol instant
messaging client. A server controlled by an attacker can send invalid
XML that can trigger an out-of-bounds memory access. This might lead to
a crash or, in some extreme cases, to remote code execution on the
client side.

For the stable distribution (jessie), this problem has been fixed in
version 2.11.0-0+deb8u2.

For the unstable distribution (sid), this problem has been fixed in
version 2.12.0-1.

We recommend that you upgrade your pidgin packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.