Synopsis: Important: pidgin security update Issue date: 2010-01-14 CVE Names: CVE-2010-0013 A directory traversal flaw was discovered in Pidgin's MSN protocol implementation. A remote attacker could send a specially-crafted emoticon image download request that would cause Pidgin to disclose an arbitrary file readable to the user running Pidgin. (CVE-2010-0013) These packages upgrade Pidgin to version 2.6.5. Pidgin must be restarted for this update to take effect. SL 4.x SRPMS: pidgin-2.6.5-1.el4.1.src.rpm i386: finch-2.6.5-1.el4.1.i386.rpm finch-devel-2.6.5-1.el4.1.i386.rpm libpurple-2.6.5-1.el4.1.i386.rpm libpurple-devel-2.6.5-1.el4.1.i386.rpm libpurple-perl-2.6.5-1.el4.1.i386.rpm libpurple-tcl-2.6.5-1.el4.1.i386.rpm pidgin-2.6.5-1.el4.1.i386.rpm pidgin-devel-2.6.5-1.el4.1.i386.rpm pidgin-perl-2.6.5-1.el4.1.i386.rpm x86_64: finch-2.6.5-1.el4.1.x86_64.rpm finch-devel-2.6.5-1.el4.1.x86_64.rpm libpurple-2.6.5-1.el4.1.x86_64.rpm libpurple-devel-2.6.5-1.el4.1.x86_64.rpm libpurple-perl-2.6.5-1.el4.1.x86_64.rpm libpurple-tcl-2.6.5-1.el4.1.x86_64.rpm pidgin-2.6.5-1.el4.1.x86_64.rpm pidgin-devel-2.6.5-1.el4.1.x86_64.rpm pidgin-perl-2.6.5-1.el4.1.x86_64.rpm SL 5.x SRPMS: pidgin-2.6.5-1.el5.src.rpm i386: finch-2.6.5-1.el5.i386.rpm finch-devel-2.6.5-1.el5.i386.rpm libpurple-2.6.5-1.el5.i386.rpm libpurple-devel-2.6.5-1.el5.i386.rpm libpurple-perl-2.6.5-1.el5.i386.rpm libpurple-tcl-2.6.5-1.el5.i386.rpm pidgin-2.6.5-1.el5.i386.rpm pidgin-devel-2.6.5-1.el5.i386.rpm pidgin-perl-2.6.5-1.el5.i386.rpm x86_64: finch-2.6.5-1.el5.i386.rpm finch-2.6.5-1.el5.x86_64.rpm finch-devel-2.6.5-1.el5.i386.rpm finch-devel-2.6.5-1.el5.x86_64.rpm libpurple-2.6.5-1.el5.i386.rpm libpurple-2.6.5-1.el5.x86_64.rpm libpurple-devel-2.6.5-1.el5.i386.rpm libpurple-devel-2.6.5-1.el5.x86_64.rpm libpurple-perl-2.6.5-1.el5.x86_64.rpm libpurple-tcl-2.6.5-1.el5.x86_64.rpm pidgin-2.6.5-1.el5.i386.rpm pidgin-2.6.5-1.el5.x86_64.rpm pidgin-devel-2.6.5-1.el5.i386.rpm pidgin-devel-2.6.5-1.el5.x86_64.rpm pidgin-perl-2.6.5-1.el5.x86_64.rpm -Connie Sieh -Troy Dawson