Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-2370 (GCVE-0-2016-2370)
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- out-of-bounds read
Summary
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91335"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0138/"
},
{
"name": "DSA-3620",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3620"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pidgin.im/news/security/?id=103"
},
{
"name": "GLSA-201701-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-38"
},
{
"name": "USN-3031-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3031-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pidgin",
"vendor": "Pidgin",
"versions": [
{
"status": "affected",
"version": "2.10.11"
}
]
}
],
"datePublic": "2016-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "out-of-bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-29T19:57:02",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "91335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91335"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0138/"
},
{
"name": "DSA-3620",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3620"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pidgin.im/news/security/?id=103"
},
{
"name": "GLSA-201701-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-38"
},
{
"name": "USN-3031-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3031-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pidgin",
"version": {
"version_data": [
{
"version_value": "2.10.11"
}
]
}
}
]
},
"vendor_name": "Pidgin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91335"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0138/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0138/"
},
{
"name": "DSA-3620",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3620"
},
{
"name": "http://www.pidgin.im/news/security/?id=103",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/?id=103"
},
{
"name": "GLSA-201701-38",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-38"
},
{
"name": "USN-3031-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3031-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2370",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-02-12T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2016-2370\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2017-01-06T21:59:00.727\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de denegaci\u00f3n de servicio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados desde el servidor podr\u00edan resultar potencialmente en una lectura fuera de l\u00edmites. Un servidor malicioso o un atacante man-in-the-middle puede enviar datos no v\u00e1lidos para desencadenar esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.10.12\",\"matchCriteriaId\":\"874D8FC9-41D0-49C7-9F8F-5C2DD33516AF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E88A537F-F4D0-46B9-9E37-965233C2A355\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2016/dsa-3620\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.pidgin.im/news/security/?id=103\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91335\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0138/\",\"source\":\"cret@cert.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3031-1\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201701-38\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3620\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.pidgin.im/news/security/?id=103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91335\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0138/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3031-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201701-38\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
fkie_cve-2016-2370
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.debian.org/security/2016/dsa-3620 | Third Party Advisory | |
| cret@cert.org | http://www.pidgin.im/news/security/?id=103 | Patch, Vendor Advisory | |
| cret@cert.org | http://www.securityfocus.com/bid/91335 | Third Party Advisory, VDB Entry | |
| cret@cert.org | http://www.talosintelligence.com/reports/TALOS-2016-0138/ | Technical Description, Third Party Advisory | |
| cret@cert.org | http://www.ubuntu.com/usn/USN-3031-1 | Third Party Advisory | |
| cret@cert.org | https://security.gentoo.org/glsa/201701-38 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3620 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.pidgin.im/news/security/?id=103 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91335 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.talosintelligence.com/reports/TALOS-2016-0138/ | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-3031-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-38 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pidgin | pidgin | * | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.10 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "874D8FC9-41D0-49C7-9F8F-5C2DD33516AF",
"versionEndIncluding": "2.10.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados desde el servidor podr\u00edan resultar potencialmente en una lectura fuera de l\u00edmites. Un servidor malicioso o un atacante man-in-the-middle puede enviar datos no v\u00e1lidos para desencadenar esta vulnerabilidad."
}
],
"id": "CVE-2016-2370",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-06T21:59:00.727",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3620"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.pidgin.im/news/security/?id=103"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91335"
},
{
"source": "cret@cert.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0138/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3031-1"
},
{
"source": "cret@cert.org",
"url": "https://security.gentoo.org/glsa/201701-38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.pidgin.im/news/security/?id=103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0138/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3031-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-38"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-cq7h-ghp5-qghc
Vulnerability from github
Published
2022-05-17 02:52
Modified
2025-04-20 03:30
Severity ?
VLAI Severity ?
Details
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2016-2370"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-06T21:59:00Z",
"severity": "MODERATE"
},
"details": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.",
"id": "GHSA-cq7h-ghp5-qghc",
"modified": "2025-04-20T03:30:48Z",
"published": "2022-05-17T02:52:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2370"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-38"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3620"
},
{
"type": "WEB",
"url": "http://www.pidgin.im/news/security/?id=103"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91335"
},
{
"type": "WEB",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0138"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3031-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
suse-su-2016:2416-1
Vulnerability from csaf_suse
Published
2016-09-29 13:16
Modified
2016-09-29 13:16
Summary
Security update for pidgin
Notes
Title of the patch
Security update for pidgin
Description of the patch
This update for pidgin fixes the following issues:
Security issues fixed:
- CVE-2016-2367: Fixed a MXIT Avatar Length Memory Disclosure Vulnerability (bsc#991715).
- CVE-2016-2370: Fixed a MXIT Custom Resource Denial of Service Vulnerability (bsc#991712).
- CVE-2016-2371: Fixed a MXIT Extended Profiles Code Execution Vulnerability (bsc#991691).
- CVE-2016-2372: Fixed a MXIT File Transfer Length Memory Disclosure Vulnerability (bsc#991711).
- CVE-2016-2373: Fixed a MXIT Contact Mood Denial of Service Vulnerability (bsc#991709)
Patchnames
sdksp4-pidgin-12767
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pidgin",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for pidgin fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2016-2367: Fixed a MXIT Avatar Length Memory Disclosure Vulnerability (bsc#991715).\n- CVE-2016-2370: Fixed a MXIT Custom Resource Denial of Service Vulnerability (bsc#991712).\n- CVE-2016-2371: Fixed a MXIT Extended Profiles Code Execution Vulnerability (bsc#991691).\n- CVE-2016-2372: Fixed a MXIT File Transfer Length Memory Disclosure Vulnerability (bsc#991711).\n- CVE-2016-2373: Fixed a MXIT Contact Mood Denial of Service Vulnerability (bsc#991709)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-pidgin-12767",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2416-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2416-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162416-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:2416-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-September/002301.html"
},
{
"category": "self",
"summary": "SUSE Bug 991691",
"url": "https://bugzilla.suse.com/991691"
},
{
"category": "self",
"summary": "SUSE Bug 991709",
"url": "https://bugzilla.suse.com/991709"
},
{
"category": "self",
"summary": "SUSE Bug 991711",
"url": "https://bugzilla.suse.com/991711"
},
{
"category": "self",
"summary": "SUSE Bug 991712",
"url": "https://bugzilla.suse.com/991712"
},
{
"category": "self",
"summary": "SUSE Bug 991715",
"url": "https://bugzilla.suse.com/991715"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2367 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2367/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2370 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2370/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2371 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2372 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2372/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2373 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2373/"
}
],
"title": "Security update for pidgin",
"tracking": {
"current_release_date": "2016-09-29T13:16:31Z",
"generator": {
"date": "2016-09-29T13:16:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2416-1",
"initial_release_date": "2016-09-29T13:16:31Z",
"revision_history": [
{
"date": "2016-09-29T13:16:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "finch-2.6.6-0.29.1.i586",
"product": {
"name": "finch-2.6.6-0.29.1.i586",
"product_id": "finch-2.6.6-0.29.1.i586"
}
},
{
"category": "product_version",
"name": "finch-devel-2.6.6-0.29.1.i586",
"product": {
"name": "finch-devel-2.6.6-0.29.1.i586",
"product_id": "finch-devel-2.6.6-0.29.1.i586"
}
},
{
"category": "product_version",
"name": "libpurple-2.6.6-0.29.1.i586",
"product": {
"name": "libpurple-2.6.6-0.29.1.i586",
"product_id": "libpurple-2.6.6-0.29.1.i586"
}
},
{
"category": "product_version",
"name": "libpurple-devel-2.6.6-0.29.1.i586",
"product": {
"name": "libpurple-devel-2.6.6-0.29.1.i586",
"product_id": "libpurple-devel-2.6.6-0.29.1.i586"
}
},
{
"category": "product_version",
"name": "libpurple-lang-2.6.6-0.29.1.i586",
"product": {
"name": "libpurple-lang-2.6.6-0.29.1.i586",
"product_id": "libpurple-lang-2.6.6-0.29.1.i586"
}
},
{
"category": "product_version",
"name": "pidgin-2.6.6-0.29.1.i586",
"product": {
"name": "pidgin-2.6.6-0.29.1.i586",
"product_id": "pidgin-2.6.6-0.29.1.i586"
}
},
{
"category": "product_version",
"name": "pidgin-devel-2.6.6-0.29.1.i586",
"product": {
"name": "pidgin-devel-2.6.6-0.29.1.i586",
"product_id": "pidgin-devel-2.6.6-0.29.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "finch-2.6.6-0.29.1.ia64",
"product": {
"name": "finch-2.6.6-0.29.1.ia64",
"product_id": "finch-2.6.6-0.29.1.ia64"
}
},
{
"category": "product_version",
"name": "finch-devel-2.6.6-0.29.1.ia64",
"product": {
"name": "finch-devel-2.6.6-0.29.1.ia64",
"product_id": "finch-devel-2.6.6-0.29.1.ia64"
}
},
{
"category": "product_version",
"name": "libpurple-2.6.6-0.29.1.ia64",
"product": {
"name": "libpurple-2.6.6-0.29.1.ia64",
"product_id": "libpurple-2.6.6-0.29.1.ia64"
}
},
{
"category": "product_version",
"name": "libpurple-devel-2.6.6-0.29.1.ia64",
"product": {
"name": "libpurple-devel-2.6.6-0.29.1.ia64",
"product_id": "libpurple-devel-2.6.6-0.29.1.ia64"
}
},
{
"category": "product_version",
"name": "libpurple-lang-2.6.6-0.29.1.ia64",
"product": {
"name": "libpurple-lang-2.6.6-0.29.1.ia64",
"product_id": "libpurple-lang-2.6.6-0.29.1.ia64"
}
},
{
"category": "product_version",
"name": "pidgin-2.6.6-0.29.1.ia64",
"product": {
"name": "pidgin-2.6.6-0.29.1.ia64",
"product_id": "pidgin-2.6.6-0.29.1.ia64"
}
},
{
"category": "product_version",
"name": "pidgin-devel-2.6.6-0.29.1.ia64",
"product": {
"name": "pidgin-devel-2.6.6-0.29.1.ia64",
"product_id": "pidgin-devel-2.6.6-0.29.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "finch-2.6.6-0.29.1.ppc64",
"product": {
"name": "finch-2.6.6-0.29.1.ppc64",
"product_id": "finch-2.6.6-0.29.1.ppc64"
}
},
{
"category": "product_version",
"name": "finch-devel-2.6.6-0.29.1.ppc64",
"product": {
"name": "finch-devel-2.6.6-0.29.1.ppc64",
"product_id": "finch-devel-2.6.6-0.29.1.ppc64"
}
},
{
"category": "product_version",
"name": "libpurple-2.6.6-0.29.1.ppc64",
"product": {
"name": "libpurple-2.6.6-0.29.1.ppc64",
"product_id": "libpurple-2.6.6-0.29.1.ppc64"
}
},
{
"category": "product_version",
"name": "libpurple-devel-2.6.6-0.29.1.ppc64",
"product": {
"name": "libpurple-devel-2.6.6-0.29.1.ppc64",
"product_id": "libpurple-devel-2.6.6-0.29.1.ppc64"
}
},
{
"category": "product_version",
"name": "libpurple-lang-2.6.6-0.29.1.ppc64",
"product": {
"name": "libpurple-lang-2.6.6-0.29.1.ppc64",
"product_id": "libpurple-lang-2.6.6-0.29.1.ppc64"
}
},
{
"category": "product_version",
"name": "pidgin-2.6.6-0.29.1.ppc64",
"product": {
"name": "pidgin-2.6.6-0.29.1.ppc64",
"product_id": "pidgin-2.6.6-0.29.1.ppc64"
}
},
{
"category": "product_version",
"name": "pidgin-devel-2.6.6-0.29.1.ppc64",
"product": {
"name": "pidgin-devel-2.6.6-0.29.1.ppc64",
"product_id": "pidgin-devel-2.6.6-0.29.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "finch-2.6.6-0.29.1.s390x",
"product": {
"name": "finch-2.6.6-0.29.1.s390x",
"product_id": "finch-2.6.6-0.29.1.s390x"
}
},
{
"category": "product_version",
"name": "finch-devel-2.6.6-0.29.1.s390x",
"product": {
"name": "finch-devel-2.6.6-0.29.1.s390x",
"product_id": "finch-devel-2.6.6-0.29.1.s390x"
}
},
{
"category": "product_version",
"name": "libpurple-2.6.6-0.29.1.s390x",
"product": {
"name": "libpurple-2.6.6-0.29.1.s390x",
"product_id": "libpurple-2.6.6-0.29.1.s390x"
}
},
{
"category": "product_version",
"name": "libpurple-devel-2.6.6-0.29.1.s390x",
"product": {
"name": "libpurple-devel-2.6.6-0.29.1.s390x",
"product_id": "libpurple-devel-2.6.6-0.29.1.s390x"
}
},
{
"category": "product_version",
"name": "libpurple-lang-2.6.6-0.29.1.s390x",
"product": {
"name": "libpurple-lang-2.6.6-0.29.1.s390x",
"product_id": "libpurple-lang-2.6.6-0.29.1.s390x"
}
},
{
"category": "product_version",
"name": "pidgin-2.6.6-0.29.1.s390x",
"product": {
"name": "pidgin-2.6.6-0.29.1.s390x",
"product_id": "pidgin-2.6.6-0.29.1.s390x"
}
},
{
"category": "product_version",
"name": "pidgin-devel-2.6.6-0.29.1.s390x",
"product": {
"name": "pidgin-devel-2.6.6-0.29.1.s390x",
"product_id": "pidgin-devel-2.6.6-0.29.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "finch-2.6.6-0.29.1.x86_64",
"product": {
"name": "finch-2.6.6-0.29.1.x86_64",
"product_id": "finch-2.6.6-0.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "finch-devel-2.6.6-0.29.1.x86_64",
"product": {
"name": "finch-devel-2.6.6-0.29.1.x86_64",
"product_id": "finch-devel-2.6.6-0.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpurple-2.6.6-0.29.1.x86_64",
"product": {
"name": "libpurple-2.6.6-0.29.1.x86_64",
"product_id": "libpurple-2.6.6-0.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpurple-devel-2.6.6-0.29.1.x86_64",
"product": {
"name": "libpurple-devel-2.6.6-0.29.1.x86_64",
"product_id": "libpurple-devel-2.6.6-0.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpurple-lang-2.6.6-0.29.1.x86_64",
"product": {
"name": "libpurple-lang-2.6.6-0.29.1.x86_64",
"product_id": "libpurple-lang-2.6.6-0.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "pidgin-2.6.6-0.29.1.x86_64",
"product": {
"name": "pidgin-2.6.6-0.29.1.x86_64",
"product_id": "pidgin-2.6.6-0.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "pidgin-devel-2.6.6-0.29.1.x86_64",
"product": {
"name": "pidgin-devel-2.6.6-0.29.1.x86_64",
"product_id": "pidgin-devel-2.6.6-0.29.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "finch-2.6.6-0.29.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586"
},
"product_reference": "finch-2.6.6-0.29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "finch-2.6.6-0.29.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64"
},
"product_reference": "finch-2.6.6-0.29.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "finch-2.6.6-0.29.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64"
},
"product_reference": "finch-2.6.6-0.29.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "finch-2.6.6-0.29.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x"
},
"product_reference": "finch-2.6.6-0.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "finch-2.6.6-0.29.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64"
},
"product_reference": "finch-2.6.6-0.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "finch-devel-2.6.6-0.29.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586"
},
"product_reference": "finch-devel-2.6.6-0.29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "finch-devel-2.6.6-0.29.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64"
},
"product_reference": "finch-devel-2.6.6-0.29.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "finch-devel-2.6.6-0.29.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64"
},
"product_reference": "finch-devel-2.6.6-0.29.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "finch-devel-2.6.6-0.29.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x"
},
"product_reference": "finch-devel-2.6.6-0.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "finch-devel-2.6.6-0.29.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64"
},
"product_reference": "finch-devel-2.6.6-0.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-2.6.6-0.29.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586"
},
"product_reference": "libpurple-2.6.6-0.29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-2.6.6-0.29.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64"
},
"product_reference": "libpurple-2.6.6-0.29.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-2.6.6-0.29.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64"
},
"product_reference": "libpurple-2.6.6-0.29.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-2.6.6-0.29.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x"
},
"product_reference": "libpurple-2.6.6-0.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-2.6.6-0.29.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64"
},
"product_reference": "libpurple-2.6.6-0.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-devel-2.6.6-0.29.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586"
},
"product_reference": "libpurple-devel-2.6.6-0.29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-devel-2.6.6-0.29.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64"
},
"product_reference": "libpurple-devel-2.6.6-0.29.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-devel-2.6.6-0.29.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64"
},
"product_reference": "libpurple-devel-2.6.6-0.29.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-devel-2.6.6-0.29.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x"
},
"product_reference": "libpurple-devel-2.6.6-0.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-devel-2.6.6-0.29.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64"
},
"product_reference": "libpurple-devel-2.6.6-0.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-lang-2.6.6-0.29.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586"
},
"product_reference": "libpurple-lang-2.6.6-0.29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-lang-2.6.6-0.29.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64"
},
"product_reference": "libpurple-lang-2.6.6-0.29.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-lang-2.6.6-0.29.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64"
},
"product_reference": "libpurple-lang-2.6.6-0.29.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-lang-2.6.6-0.29.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x"
},
"product_reference": "libpurple-lang-2.6.6-0.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpurple-lang-2.6.6-0.29.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64"
},
"product_reference": "libpurple-lang-2.6.6-0.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pidgin-2.6.6-0.29.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586"
},
"product_reference": "pidgin-2.6.6-0.29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pidgin-2.6.6-0.29.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64"
},
"product_reference": "pidgin-2.6.6-0.29.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pidgin-2.6.6-0.29.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64"
},
"product_reference": "pidgin-2.6.6-0.29.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pidgin-2.6.6-0.29.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x"
},
"product_reference": "pidgin-2.6.6-0.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pidgin-2.6.6-0.29.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64"
},
"product_reference": "pidgin-2.6.6-0.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pidgin-devel-2.6.6-0.29.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586"
},
"product_reference": "pidgin-devel-2.6.6-0.29.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pidgin-devel-2.6.6-0.29.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64"
},
"product_reference": "pidgin-devel-2.6.6-0.29.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pidgin-devel-2.6.6-0.29.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64"
},
"product_reference": "pidgin-devel-2.6.6-0.29.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pidgin-devel-2.6.6-0.29.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x"
},
"product_reference": "pidgin-devel-2.6.6-0.29.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pidgin-devel-2.6.6-0.29.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
},
"product_reference": "pidgin-devel-2.6.6-0.29.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-2367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2367"
}
],
"notes": [
{
"category": "general",
"text": "An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2367",
"url": "https://www.suse.com/security/cve/CVE-2016-2367"
},
{
"category": "external",
"summary": "SUSE Bug 984655 for CVE-2016-2367",
"url": "https://bugzilla.suse.com/984655"
},
{
"category": "external",
"summary": "SUSE Bug 991712 for CVE-2016-2367",
"url": "https://bugzilla.suse.com/991712"
},
{
"category": "external",
"summary": "SUSE Bug 991715 for CVE-2016-2367",
"url": "https://bugzilla.suse.com/991715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-29T13:16:31Z",
"details": "moderate"
}
],
"title": "CVE-2016-2367"
},
{
"cve": "CVE-2016-2370",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2370"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2370",
"url": "https://www.suse.com/security/cve/CVE-2016-2370"
},
{
"category": "external",
"summary": "SUSE Bug 984655 for CVE-2016-2370",
"url": "https://bugzilla.suse.com/984655"
},
{
"category": "external",
"summary": "SUSE Bug 991712 for CVE-2016-2370",
"url": "https://bugzilla.suse.com/991712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-29T13:16:31Z",
"details": "moderate"
}
],
"title": "CVE-2016-2370"
},
{
"cve": "CVE-2016-2371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2371"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2371",
"url": "https://www.suse.com/security/cve/CVE-2016-2371"
},
{
"category": "external",
"summary": "SUSE Bug 984655 for CVE-2016-2371",
"url": "https://bugzilla.suse.com/984655"
},
{
"category": "external",
"summary": "SUSE Bug 991691 for CVE-2016-2371",
"url": "https://bugzilla.suse.com/991691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-29T13:16:31Z",
"details": "moderate"
}
],
"title": "CVE-2016-2371"
},
{
"cve": "CVE-2016-2372",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2372"
}
],
"notes": [
{
"category": "general",
"text": "An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2372",
"url": "https://www.suse.com/security/cve/CVE-2016-2372"
},
{
"category": "external",
"summary": "SUSE Bug 984655 for CVE-2016-2372",
"url": "https://bugzilla.suse.com/984655"
},
{
"category": "external",
"summary": "SUSE Bug 991711 for CVE-2016-2372",
"url": "https://bugzilla.suse.com/991711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-29T13:16:31Z",
"details": "moderate"
}
],
"title": "CVE-2016-2372"
},
{
"cve": "CVE-2016-2373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2373"
}
],
"notes": [
{
"category": "general",
"text": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2373",
"url": "https://www.suse.com/security/cve/CVE-2016-2373"
},
{
"category": "external",
"summary": "SUSE Bug 984655 for CVE-2016-2373",
"url": "https://bugzilla.suse.com/984655"
},
{
"category": "external",
"summary": "SUSE Bug 991709 for CVE-2016-2373",
"url": "https://bugzilla.suse.com/991709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:finch-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-devel-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libpurple-lang-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-2.6.6-0.29.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:pidgin-devel-2.6.6-0.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-29T13:16:31Z",
"details": "moderate"
}
],
"title": "CVE-2016-2373"
}
]
}
gsd-2016-2370
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-2370",
"description": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.",
"id": "GSD-2016-2370",
"references": [
"https://www.suse.com/security/cve/CVE-2016-2370.html",
"https://www.debian.org/security/2016/dsa-3620",
"https://ubuntu.com/security/CVE-2016-2370",
"https://advisories.mageia.org/CVE-2016-2370.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-2370"
],
"details": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.",
"id": "GSD-2016-2370",
"modified": "2023-12-13T01:21:19.913236Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pidgin",
"version": {
"version_data": [
{
"version_value": "2.10.11"
}
]
}
}
]
},
"vendor_name": "Pidgin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91335"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0138/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0138/"
},
{
"name": "DSA-3620",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3620"
},
{
"name": "http://www.pidgin.im/news/security/?id=103",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/?id=103"
},
{
"name": "GLSA-201701-38",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-38"
},
{
"name": "USN-3031-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3031-1"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.10.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2370"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3031-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3031-1"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0138/",
"refsource": "MISC",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0138/"
},
{
"name": "http://www.pidgin.im/news/security/?id=103",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.pidgin.im/news/security/?id=103"
},
{
"name": "DSA-3620",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3620"
},
{
"name": "91335",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91335"
},
{
"name": "GLSA-201701-38",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201701-38"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2017-03-30T01:59Z",
"publishedDate": "2017-01-06T21:59Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…