Bugzilla – Bug 991715
VUL-0: CVE-2016-2367: pidgin: MXIT Avatar Length Memory Disclosure Vulnerability
Last modified: 2018-07-06 14:37:42 UTC
rh#1348865 References: https://bugzilla.redhat.com/show_bug.cgi?id=1348865 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2367 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2367.html http://www.debian.org/security/2016/dsa-3620
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out of bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user. External references: http://www.talosintel.com/reports/TALOS-2016-0135/ http://www.pidgin.im/news/security/?id=100 Upstream fixes: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4 https://bitbucket.org/pidgin/main/commits/1c5197a66760 https://bitbucket.org/pidgin/main/commits/648f667a679c
bugbot adjusting priority
Fixed in 2.11.0. So SLE12SP2 not affected. SLE11 affected. Will try to backport.
Backported to SLE11 here: https://build.suse.de/request/show/121020
Fix checked in maintenance. Assign back to security team.
SUSE-SU-2016:2416-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 991691,991709,991711,991712,991715 CVE References: CVE-2016-2367,CVE-2016-2370,CVE-2016-2371,CVE-2016-2372,CVE-2016-2373 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): pidgin-2.6.6-0.29.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): pidgin-2.6.6-0.29.1
released