Bugzilla – Bug 991711
VUL-0: CVE-2016-2372: pidgin: MXIT File Transfer Length Memory Disclosure Vulnerability
Last modified: 2018-07-06 14:37:25 UTC
rh#1348876 An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out of bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user. External references: http://www.talosintel.com/reports/TALOS-2016-0140/ http://www.pidgin.im/news/security/?id=105 Upstream fixes: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4 https://bitbucket.org/pidgin/main/commits/1c5197a66760 https://bitbucket.org/pidgin/main/commits/648f667a679c References: https://bugzilla.redhat.com/show_bug.cgi?id=1348876
looks affecting both sle11 and sle12.
bugbot adjusting priority
SLE12SP2 update pidgin to 2.11.0, with the vulnerability fixed. Backported to SLE11 as mentioned in comment 3.
Fix checked in maintenance. Assign back to security team.
SUSE-SU-2016:2416-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 991691,991709,991711,991712,991715 CVE References: CVE-2016-2367,CVE-2016-2370,CVE-2016-2371,CVE-2016-2372,CVE-2016-2373 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): pidgin-2.6.6-0.29.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): pidgin-2.6.6-0.29.1
released