Synopsis: Moderate: pidgin security update Issue Date: 2012-07-19 CVE Numbers: CVE-2012-1178 CVE-2012-2318 CVE-2012-3374 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN message. (CVE-2012-1178) An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN notification message. (CVE-2012-2318) A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A remote attacker could use this flaw to crash Pidgin by sending a MXit message containing specially-crafted emoticon tags. (CVE-2012-3374) All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect. SL5: i386 finch-2.6.6-11.el5.4.i386.rpm finch-devel-2.6.6-11.el5.4.i386.rpm libpurple-2.6.6-11.el5.4.i386.rpm libpurple-devel-2.6.6-11.el5.4.i386.rpm libpurple-perl-2.6.6-11.el5.4.i386.rpm libpurple-tcl-2.6.6-11.el5.4.i386.rpm pidgin-2.6.6-11.el5.4.i386.rpm pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm pidgin-devel-2.6.6-11.el5.4.i386.rpm pidgin-perl-2.6.6-11.el5.4.i386.rpm x86_64 finch-2.6.6-11.el5.4.i386.rpm finch-2.6.6-11.el5.4.x86_64.rpm finch-devel-2.6.6-11.el5.4.i386.rpm finch-devel-2.6.6-11.el5.4.x86_64.rpm libpurple-2.6.6-11.el5.4.i386.rpm libpurple-2.6.6-11.el5.4.x86_64.rpm libpurple-devel-2.6.6-11.el5.4.i386.rpm libpurple-devel-2.6.6-11.el5.4.x86_64.rpm libpurple-perl-2.6.6-11.el5.4.x86_64.rpm libpurple-tcl-2.6.6-11.el5.4.x86_64.rpm pidgin-2.6.6-11.el5.4.i386.rpm pidgin-2.6.6-11.el5.4.x86_64.rpm pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm pidgin-debuginfo-2.6.6-11.el5.4.x86_64.rpm pidgin-devel-2.6.6-11.el5.4.i386.rpm pidgin-devel-2.6.6-11.el5.4.x86_64.rpm pidgin-perl-2.6.6-11.el5.4.x86_64.rpm SL6: i386 finch-2.7.9-5.el6.2.i686.rpm finch-devel-2.7.9-5.el6.2.i686.rpm libpurple-2.7.9-5.el6.2.i686.rpm libpurple-devel-2.7.9-5.el6.2.i686.rpm libpurple-perl-2.7.9-5.el6.2.i686.rpm libpurple-tcl-2.7.9-5.el6.2.i686.rpm pidgin-2.7.9-5.el6.2.i686.rpm pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm pidgin-devel-2.7.9-5.el6.2.i686.rpm pidgin-docs-2.7.9-5.el6.2.i686.rpm pidgin-perl-2.7.9-5.el6.2.i686.rpm x86_64 finch-2.7.9-5.el6.2.i686.rpm finch-2.7.9-5.el6.2.x86_64.rpm finch-devel-2.7.9-5.el6.2.i686.rpm finch-devel-2.7.9-5.el6.2.x86_64.rpm libpurple-2.7.9-5.el6.2.i686.rpm libpurple-2.7.9-5.el6.2.x86_64.rpm libpurple-devel-2.7.9-5.el6.2.i686.rpm libpurple-devel-2.7.9-5.el6.2.x86_64.rpm libpurple-perl-2.7.9-5.el6.2.x86_64.rpm libpurple-tcl-2.7.9-5.el6.2.x86_64.rpm pidgin-2.7.9-5.el6.2.x86_64.rpm pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm pidgin-debuginfo-2.7.9-5.el6.2.x86_64.rpm pidgin-devel-2.7.9-5.el6.2.i686.rpm pidgin-devel-2.7.9-5.el6.2.x86_64.rpm pidgin-docs-2.7.9-5.el6.2.x86_64.rpm pidgin-perl-2.7.9-5.el6.2.x86_64.rpm - Scientific Linux Development Team