SCIENTIFIC-LINUX-ERRATA Archives

July 2012

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Patrick Riehecky <[log in to unmask]>
Date: Thu, 19 Jul 2012 16:08:52 -0500

Synopsis:    Moderate: pidgin security update
Issue Date:  2012-07-19
CVE Numbers: CVE-2012-1178
             CVE-2012-2318
             CVE-2012-3374


Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

A flaw was found in the way the Pidgin MSN protocol plug-in processed text
that was not encoded in UTF-8. A remote attacker could use this flaw to
crash Pidgin by sending a specially-crafted MSN message. (CVE-2012-1178)

An input validation flaw was found in the way the Pidgin MSN protocol
plug-in handled MSN notification messages. A malicious server or a remote
attacker could use this flaw to crash Pidgin by sending a specially-crafted
MSN notification message. (CVE-2012-2318)

A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A
remote attacker could use this flaw to crash Pidgin by sending a MXit
message containing specially-crafted emoticon tags. (CVE-2012-3374)

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

SL5:
  i386
     finch-2.6.6-11.el5.4.i386.rpm
     finch-devel-2.6.6-11.el5.4.i386.rpm
     libpurple-2.6.6-11.el5.4.i386.rpm
     libpurple-devel-2.6.6-11.el5.4.i386.rpm
     libpurple-perl-2.6.6-11.el5.4.i386.rpm
     libpurple-tcl-2.6.6-11.el5.4.i386.rpm
     pidgin-2.6.6-11.el5.4.i386.rpm
     pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm
     pidgin-devel-2.6.6-11.el5.4.i386.rpm
     pidgin-perl-2.6.6-11.el5.4.i386.rpm
  x86_64
     finch-2.6.6-11.el5.4.i386.rpm
     finch-2.6.6-11.el5.4.x86_64.rpm
     finch-devel-2.6.6-11.el5.4.i386.rpm
     finch-devel-2.6.6-11.el5.4.x86_64.rpm
     libpurple-2.6.6-11.el5.4.i386.rpm
     libpurple-2.6.6-11.el5.4.x86_64.rpm
     libpurple-devel-2.6.6-11.el5.4.i386.rpm
     libpurple-devel-2.6.6-11.el5.4.x86_64.rpm
     libpurple-perl-2.6.6-11.el5.4.x86_64.rpm
     libpurple-tcl-2.6.6-11.el5.4.x86_64.rpm
     pidgin-2.6.6-11.el5.4.i386.rpm
     pidgin-2.6.6-11.el5.4.x86_64.rpm
     pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm
     pidgin-debuginfo-2.6.6-11.el5.4.x86_64.rpm
     pidgin-devel-2.6.6-11.el5.4.i386.rpm
     pidgin-devel-2.6.6-11.el5.4.x86_64.rpm
     pidgin-perl-2.6.6-11.el5.4.x86_64.rpm
SL6:
  i386
     finch-2.7.9-5.el6.2.i686.rpm
     finch-devel-2.7.9-5.el6.2.i686.rpm
     libpurple-2.7.9-5.el6.2.i686.rpm
     libpurple-devel-2.7.9-5.el6.2.i686.rpm
     libpurple-perl-2.7.9-5.el6.2.i686.rpm
     libpurple-tcl-2.7.9-5.el6.2.i686.rpm
     pidgin-2.7.9-5.el6.2.i686.rpm
     pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm
     pidgin-devel-2.7.9-5.el6.2.i686.rpm
     pidgin-docs-2.7.9-5.el6.2.i686.rpm
     pidgin-perl-2.7.9-5.el6.2.i686.rpm
  x86_64
     finch-2.7.9-5.el6.2.i686.rpm
     finch-2.7.9-5.el6.2.x86_64.rpm
     finch-devel-2.7.9-5.el6.2.i686.rpm
     finch-devel-2.7.9-5.el6.2.x86_64.rpm
     libpurple-2.7.9-5.el6.2.i686.rpm
     libpurple-2.7.9-5.el6.2.x86_64.rpm
     libpurple-devel-2.7.9-5.el6.2.i686.rpm
     libpurple-devel-2.7.9-5.el6.2.x86_64.rpm
     libpurple-perl-2.7.9-5.el6.2.x86_64.rpm
     libpurple-tcl-2.7.9-5.el6.2.x86_64.rpm
     pidgin-2.7.9-5.el6.2.x86_64.rpm
     pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm
     pidgin-debuginfo-2.7.9-5.el6.2.x86_64.rpm
     pidgin-devel-2.7.9-5.el6.2.i686.rpm
     pidgin-devel-2.7.9-5.el6.2.x86_64.rpm
     pidgin-docs-2.7.9-5.el6.2.x86_64.rpm
     pidgin-perl-2.7.9-5.el6.2.x86_64.rpm

- Scientific Linux Development Team
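
A check for the upgrade instruction above, added here as an example and not part of the original advisory: it reads `name version-release` lines (for instance from `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`) and reports advisory packages older than the fixed builds. The comparison is a simplified reimplementation of rpm's version ordering; the sample inventory is constructed and packages are assumed to carry no epoch.

```python
import re

# Fixed version-release per release, taken from the advisory's package lists.
FIXED = {"el5": "2.6.6-11.el5.4", "el6": "2.7.9-5.el6.2"}
# Package names listed in the advisory (exact match, so pidgin-otr is ignored).
AFFECTED = {
    "finch", "finch-devel", "libpurple", "libpurple-devel", "libpurple-perl",
    "libpurple-tcl", "pidgin", "pidgin-debuginfo", "pidgin-devel",
    "pidgin-docs", "pidgin-perl",
}
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

# Constructed sample inventory mixing SL5 and SL6 entries for illustration.
SAMPLE = """\
pidgin 2.6.6-11.el5.4
libpurple 2.6.6-5.el5
finch 2.7.9-5.el6.2
libpurple 2.7.9-3.el6
pidgin-otr 3.2.0-5.el6
"""

def rpmvercmp(a, b):
    """Order two version or release strings as rpm does (tilde/caret not handled)."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 11 > 5
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments are newer

def vr_cmp(a, b):
    """Compare 'version-release' strings; epoch is assumed absent."""
    (va, ra), (vb, rb) = a.split("-", 1), b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(lines):
    """Return (name, installed, fixed) for advisory packages older than the fix."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 2 or parts[0] not in AFFECTED or "-" not in parts[1]:
            continue
        dist = re.search(r"\.(el[56])(?![0-9])", parts[1])
        if dist and vr_cmp(parts[1], FIXED[dist.group(1)]) < 0:
            hits.append((parts[0], parts[1], FIXED[dist.group(1)]))
    return hits
```

Every package `unpatched` returns still needs the update, and Pidgin must be restarted afterwards for the fix to take effect.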
