SCIENTIFIC-LINUX-ERRATA Archives

March 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Pat Riehecky
Reply To: Pat Riehecky
Date: Thu, 14 Mar 2013 16:07:21 -0500
Synopsis:          Moderate: pidgin security update
Issue Date:        2013-03-14
CVE Numbers:       CVE-2013-0272
                    CVE-2013-0273
                    CVE-2013-0274
--

A stack-based buffer overflow flaw was found in the Pidgin MXit protocol
plug-in. A malicious server or a remote attacker could use this flaw to
crash Pidgin by sending a specially-crafted HTTP request. (CVE-2013-0272)

A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in.
A malicious server or a remote attacker could use this flaw to crash
Pidgin by sending a specially-crafted username. (CVE-2013-0273)

A buffer overflow flaw was found in the way Pidgin processed certain UPnP
responses. A remote attacker could send a specially-crafted UPnP response
that, when processed, would crash Pidgin. (CVE-2013-0274)

Pidgin must be restarted for this update to take effect.
--

SL5
   x86_64
     finch-2.6.6-17.el5_9.1.i386.rpm
     finch-2.6.6-17.el5_9.1.x86_64.rpm
     libpurple-2.6.6-17.el5_9.1.i386.rpm
     libpurple-2.6.6-17.el5_9.1.x86_64.rpm
     libpurple-perl-2.6.6-17.el5_9.1.x86_64.rpm
     libpurple-tcl-2.6.6-17.el5_9.1.x86_64.rpm
     pidgin-2.6.6-17.el5_9.1.i386.rpm
     pidgin-2.6.6-17.el5_9.1.x86_64.rpm
     pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm
     pidgin-debuginfo-2.6.6-17.el5_9.1.x86_64.rpm
     pidgin-perl-2.6.6-17.el5_9.1.x86_64.rpm
     finch-devel-2.6.6-17.el5_9.1.i386.rpm
     finch-devel-2.6.6-17.el5_9.1.x86_64.rpm
     libpurple-devel-2.6.6-17.el5_9.1.i386.rpm
     libpurple-devel-2.6.6-17.el5_9.1.x86_64.rpm
     pidgin-devel-2.6.6-17.el5_9.1.i386.rpm
     pidgin-devel-2.6.6-17.el5_9.1.x86_64.rpm
   i386
     finch-2.6.6-17.el5_9.1.i386.rpm
     libpurple-2.6.6-17.el5_9.1.i386.rpm
     libpurple-perl-2.6.6-17.el5_9.1.i386.rpm
     libpurple-tcl-2.6.6-17.el5_9.1.i386.rpm
     pidgin-2.6.6-17.el5_9.1.i386.rpm
     pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm
     pidgin-perl-2.6.6-17.el5_9.1.i386.rpm
     finch-devel-2.6.6-17.el5_9.1.i386.rpm
     libpurple-devel-2.6.6-17.el5_9.1.i386.rpm
     pidgin-devel-2.6.6-17.el5_9.1.i386.rpm
SL6
   x86_64
     libpurple-2.7.9-10.el6_4.1.i686.rpm
     libpurple-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm
     pidgin-debuginfo-2.7.9-10.el6_4.1.x86_64.rpm
     finch-2.7.9-10.el6_4.1.i686.rpm
     finch-2.7.9-10.el6_4.1.x86_64.rpm
     finch-devel-2.7.9-10.el6_4.1.i686.rpm
     finch-devel-2.7.9-10.el6_4.1.x86_64.rpm
     libpurple-devel-2.7.9-10.el6_4.1.i686.rpm
     libpurple-devel-2.7.9-10.el6_4.1.x86_64.rpm
     libpurple-perl-2.7.9-10.el6_4.1.x86_64.rpm
     libpurple-tcl-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-devel-2.7.9-10.el6_4.1.i686.rpm
     pidgin-devel-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-docs-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-perl-2.7.9-10.el6_4.1.x86_64.rpm
   i386
     libpurple-2.7.9-10.el6_4.1.i686.rpm
     pidgin-2.7.9-10.el6_4.1.i686.rpm
     pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm
     finch-2.7.9-10.el6_4.1.i686.rpm
     finch-devel-2.7.9-10.el6_4.1.i686.rpm
     libpurple-devel-2.7.9-10.el6_4.1.i686.rpm
     libpurple-perl-2.7.9-10.el6_4.1.i686.rpm
     libpurple-tcl-2.7.9-10.el6_4.1.i686.rpm
     pidgin-devel-2.7.9-10.el6_4.1.i686.rpm
     pidgin-docs-2.7.9-10.el6_4.1.i686.rpm
     pidgin-perl-2.7.9-10.el6_4.1.i686.rpm

- Scientific Linux Development Team
