LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

July 2008

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA July 2008

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Security ERRATA for pidgin on SL 3.0.x , SL 4.x , SL 5.x
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Tue, 15 Jul 2008 15:54:34 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (85 lines)

The packages are now up for SL 3.0.x

Troy

Connie Sieh wrote:
> Synopsis:          Important: pidgin security and bug fix update
> CVE Names:         CVE-2008-2927
> Description:
> 
> An integer overflow flaw was found in Pidgin's MSN protocol handler. If a
> user received a malicious MSN message, it was possible to execute arbitrary
> code with the permissions of the user running Pidgin. (CVE-2008-2927)
> 
> Note: the default Pidgin privacy setting only allows messages from users in
> the buddy list. This prevents arbitrary MSN users from exploiting this
> flaw.
> 
> This update also addresses the following bug:
> 
> * when attempting to connect to the ICQ network, Pidgin would fail to
> connect, present an alert saying the "The client version you are using is
> too old", and de-activate the ICQ account. This update restores Pidgin's
> ability to connect to the ICQ network.
> 
> SL 3:
> 
>    Source:
>         pidgin-1.5.1-2.el3.src.rpm
> 
>    x86_64:
>         pidgin-1.5.1-2.el3.x86_64.rpm
> 
> SL 4:
> 
>    Source:
>         pidgin-1.5.1-2.el4.src.rpm
> 
>    i386:
>         pidgin-1.5.1-2.el4.i386.rpm
> 
>    x86_64:
>         pidgin-1.5.1-2.el4.x86_64.rpm
> 
> SL 5:
> 
>    Source:
>         pidgin-2.3.1-2.el5_2.src.rpm
> 
>    i386:
>         finch-2.3.1-2.el5_2.i386.rpm
>         finch-devel-2.3.1-2.el5_2.i386.rpm
>         libpurple-2.3.1-2.el5_2.i386.rpm
>         libpurple-devel-2.3.1-2.el5_2.i386.rpm
>         libpurple-perl-2.3.1-2.el5_2.i386.rpm
>         libpurple-tcl-2.3.1-2.el5_2.i386.rpm
>         pidgin-2.3.1-2.el5_2.i386.rpm
>         pidgin-perl-2.3.1-2.el5_2.i386.rpm
>         pidgin-devel-2.3.1-2.el5_2.i386.rpm
> 
>    x86_64:
>         finch-2.3.1-2.el5_2.i386.rpm
>         finch-2.3.1-2.el5_2.x86_64.rpm
>         finch-devel-2.3.1-2.el5_2.i386.rpm
>         finch-devel-2.3.1-2.el5_2.x86_64.rpm
>         libpurple-2.3.1-2.el5_2.i386.rpm
>         libpurple-2.3.1-2.el5_2.x86_64.rpm
>         libpurple-devel-2.3.1-2.el5_2.i386.rpm
>         libpurple-devel-2.3.1-2.el5_2.x86_64.rpm
>         libpurple-perl-2.3.1-2.el5_2.x86_64.rpm
>         libpurple-tcl-2.3.1-2.el5_2.x86_64.rpm
>         pidgin-2.3.1-2.el5_2.i386.rpm
>         pidgin-2.3.1-2.el5_2.x86_64.rpm
>         pidgin-devel-2.3.1-2.el5_2.i386.rpm
>         pidgin-devel-2.3.1-2.el5_2.x86_64.rpm
>         pidgin-perl-2.3.1-2.el5_2.x86_64.rpm
> 
> -Connie Sieh


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV