LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:    Moderate: pidgin security update
Issue Date:  2012-07-19
CVE Numbers: CVE-2012-1178
             CVE-2012-2318
             CVE-2012-3374


Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

A flaw was found in the way the Pidgin MSN protocol plug-in processed text
that was not encoded in UTF-8. A remote attacker could use this flaw to
crash Pidgin by sending a specially-crafted MSN message. (CVE-2012-1178)

An input validation flaw was found in the way the Pidgin MSN protocol
plug-in handled MSN notification messages. A malicious server or a remote
attacker could use this flaw to crash Pidgin by sending a specially-crafted
MSN notification message. (CVE-2012-2318)

A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A
remote attacker could use this flaw to crash Pidgin by sending a MXit
message containing specially-crafted emoticon tags. (CVE-2012-3374)

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

SL5:
  i386
     finch-2.6.6-11.el5.4.i386.rpm
     finch-devel-2.6.6-11.el5.4.i386.rpm
     libpurple-2.6.6-11.el5.4.i386.rpm
     libpurple-devel-2.6.6-11.el5.4.i386.rpm
     libpurple-perl-2.6.6-11.el5.4.i386.rpm
     libpurple-tcl-2.6.6-11.el5.4.i386.rpm
     pidgin-2.6.6-11.el5.4.i386.rpm
     pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm
     pidgin-devel-2.6.6-11.el5.4.i386.rpm
     pidgin-perl-2.6.6-11.el5.4.i386.rpm
  x86_64
     finch-2.6.6-11.el5.4.i386.rpm
     finch-2.6.6-11.el5.4.x86_64.rpm
     finch-devel-2.6.6-11.el5.4.i386.rpm
     finch-devel-2.6.6-11.el5.4.x86_64.rpm
     libpurple-2.6.6-11.el5.4.i386.rpm
     libpurple-2.6.6-11.el5.4.x86_64.rpm
     libpurple-devel-2.6.6-11.el5.4.i386.rpm
     libpurple-devel-2.6.6-11.el5.4.x86_64.rpm
     libpurple-perl-2.6.6-11.el5.4.x86_64.rpm
     libpurple-tcl-2.6.6-11.el5.4.x86_64.rpm
     pidgin-2.6.6-11.el5.4.i386.rpm
     pidgin-2.6.6-11.el5.4.x86_64.rpm
     pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm
     pidgin-debuginfo-2.6.6-11.el5.4.x86_64.rpm
     pidgin-devel-2.6.6-11.el5.4.i386.rpm
     pidgin-devel-2.6.6-11.el5.4.x86_64.rpm
     pidgin-perl-2.6.6-11.el5.4.x86_64.rpm
SL6:
  i386
     finch-2.7.9-5.el6.2.i686.rpm
     finch-devel-2.7.9-5.el6.2.i686.rpm
     libpurple-2.7.9-5.el6.2.i686.rpm
     libpurple-devel-2.7.9-5.el6.2.i686.rpm
     libpurple-perl-2.7.9-5.el6.2.i686.rpm
     libpurple-tcl-2.7.9-5.el6.2.i686.rpm
     pidgin-2.7.9-5.el6.2.i686.rpm
     pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm
     pidgin-devel-2.7.9-5.el6.2.i686.rpm
     pidgin-docs-2.7.9-5.el6.2.i686.rpm
     pidgin-perl-2.7.9-5.el6.2.i686.rpm
  x86_64
     finch-2.7.9-5.el6.2.i686.rpm
     finch-2.7.9-5.el6.2.x86_64.rpm
     finch-devel-2.7.9-5.el6.2.i686.rpm
     finch-devel-2.7.9-5.el6.2.x86_64.rpm
     libpurple-2.7.9-5.el6.2.i686.rpm
     libpurple-2.7.9-5.el6.2.x86_64.rpm
     libpurple-devel-2.7.9-5.el6.2.i686.rpm
     libpurple-devel-2.7.9-5.el6.2.x86_64.rpm
     libpurple-perl-2.7.9-5.el6.2.x86_64.rpm
     libpurple-tcl-2.7.9-5.el6.2.x86_64.rpm
     pidgin-2.7.9-5.el6.2.x86_64.rpm
     pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm
     pidgin-debuginfo-2.7.9-5.el6.2.x86_64.rpm
     pidgin-devel-2.7.9-5.el6.2.i686.rpm
     pidgin-devel-2.7.9-5.el6.2.x86_64.rpm
     pidgin-docs-2.7.9-5.el6.2.x86_64.rpm
     pidgin-perl-2.7.9-5.el6.2.x86_64.rpm

- Scientific Linux Development Team