Subject: | |
From: | |
Reply To: | |
Date: | Fri, 11 Jul 2008 16:06:25 -0500 |
Content-Type: | TEXT/PLAIN |
Parts/Attachments: |
|
|
Synopsis: Important: pidgin security and bug fix update
CVE Names: CVE-2008-2927
Description:
An integer overflow flaw was found in Pidgin's MSN protocol handler. If a
user received a malicious MSN message, it was possible to execute arbitrary
code with the permissions of the user running Pidgin. (CVE-2008-2927)
Note: the default Pidgin privacy setting only allows messages from users in
the buddy list. This prevents arbitrary MSN users from exploiting this
flaw.
This update also addresses the following bug:
* when attempting to connect to the ICQ network, Pidgin would fail to
connect, present an alert saying the "The client version you are using is
too old", and de-activate the ICQ account. This update restores Pidgin's
ability to connect to the ICQ network.
SL 3:
Source:
pidgin-1.5.1-2.el3.src.rpm
x86_64:
pidgin-1.5.1-2.el3.x86_64.rpm
SL 4:
Source:
pidgin-1.5.1-2.el4.src.rpm
i386:
pidgin-1.5.1-2.el4.i386.rpm
x86_64:
pidgin-1.5.1-2.el4.x86_64.rpm
SL 5:
Source:
pidgin-2.3.1-2.el5_2.src.rpm
i386:
finch-2.3.1-2.el5_2.i386.rpm
finch-devel-2.3.1-2.el5_2.i386.rpm
libpurple-2.3.1-2.el5_2.i386.rpm
libpurple-devel-2.3.1-2.el5_2.i386.rpm
libpurple-perl-2.3.1-2.el5_2.i386.rpm
libpurple-tcl-2.3.1-2.el5_2.i386.rpm
pidgin-2.3.1-2.el5_2.i386.rpm
pidgin-perl-2.3.1-2.el5_2.i386.rpm
pidgin-devel-2.3.1-2.el5_2.i386.rpm
x86_64:
finch-2.3.1-2.el5_2.i386.rpm
finch-2.3.1-2.el5_2.x86_64.rpm
finch-devel-2.3.1-2.el5_2.i386.rpm
finch-devel-2.3.1-2.el5_2.x86_64.rpm
libpurple-2.3.1-2.el5_2.i386.rpm
libpurple-2.3.1-2.el5_2.x86_64.rpm
libpurple-devel-2.3.1-2.el5_2.i386.rpm
libpurple-devel-2.3.1-2.el5_2.x86_64.rpm
libpurple-perl-2.3.1-2.el5_2.x86_64.rpm
libpurple-tcl-2.3.1-2.el5_2.x86_64.rpm
pidgin-2.3.1-2.el5_2.i386.rpm
pidgin-2.3.1-2.el5_2.x86_64.rpm
pidgin-devel-2.3.1-2.el5_2.i386.rpm
pidgin-devel-2.3.1-2.el5_2.x86_64.rpm
pidgin-perl-2.3.1-2.el5_2.x86_64.rpm
-Connie Sieh
|
|
|