Novell Home

CVE-2013-6481

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-6481 at MITRE

Description

libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 861019

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP3
  • finch >= 2.6.6-0.23.1
  • finch-devel >= 2.6.6-0.23.1
  • libpurple >= 2.6.6-0.23.1
  • libpurple-devel >= 2.6.6-0.23.1
  • libpurple-lang >= 2.6.6-0.23.1
  • pidgin >= 2.6.6-0.23.1
  • pidgin-devel >= 2.6.6-0.23.1
Builds
SAT Patch Nr: 9213
SUSE Linux Enterprise Desktop 11 SP3
  • finch >= 2.6.6-0.23.1
  • libpurple >= 2.6.6-0.23.1
  • libpurple-lang >= 2.6.6-0.23.1
  • libpurple-meanwhile >= 2.6.6-0.23.1
  • libpurple-tcl >= 2.6.6-0.23.1
  • pidgin >= 2.6.6-0.23.1
Builds
SAT Patch Nr: 9213

© 2014 Novell