Main Vulnerability Database SB2022051617

SB2022051617 - SUSE update for pidgin

Published: May 16, 2022

Security Bulletin ID SB2022051617

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2022-26491)

The vulnerability allows a remote attacker to perform MitM-attack.

The vulnerability exists due to Pigin supports _xmppconnect DNS TXT record. If DNSSEC is not used, a remote attacker can perform MitM attack via DNS spoofing.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2022/suse-su-20221665-1/

Vulnerable Software

SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
SUSE Linux Enterprise Workstation Extension: 15-SP3
SUSE Linux Enterprise Desktop: 15-SP3
openSUSE Leap: 15.3 - 15.4
SUSE Manager Server: 4.2
SUSE Manager Proxy: 4.2
SUSE Linux Enterprise Server for SAP Applications: 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages: 15-SP3
libpurple-lang: before 2.13.0-150200.12.6.1
libpurple-branding-upstream: before 2.13.0-150200.12.6.1
pidgin-devel: before 2.13.0-150200.12.6.1
pidgin-debugsource: before 2.13.0-150200.12.6.1
pidgin-debuginfo: before 2.13.0-150200.12.6.1
pidgin: before 2.13.0-150200.12.6.1
libpurple-tcl-debuginfo: before 2.13.0-150200.12.6.1
libpurple-tcl: before 2.13.0-150200.12.6.1
libpurple-plugin-sametime-debuginfo: before 2.13.0-150200.12.6.1
libpurple-plugin-sametime: before 2.13.0-150200.12.6.1
libpurple-devel: before 2.13.0-150200.12.6.1
libpurple-debuginfo: before 2.13.0-150200.12.6.1
libpurple: before 2.13.0-150200.12.6.1
finch-devel: before 2.13.0-150200.12.6.1
finch-debuginfo: before 2.13.0-150200.12.6.1
finch: before 2.13.0-150200.12.6.1