Synopsis: Moderate: pidgin security update Issue Date: 2013-03-14 CVE Numbers: CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 -- A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request. (CVE-2013-0272) A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username. (CVE-2013-0273) A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially-crafted UPnP response that, when processed, would crash Pidgin. (CVE-2013-0274) Pidgin must be restarted for this update to take effect. -- SL5 x86_64 finch-2.6.6-17.el5_9.1.i386.rpm finch-2.6.6-17.el5_9.1.x86_64.rpm libpurple-2.6.6-17.el5_9.1.i386.rpm libpurple-2.6.6-17.el5_9.1.x86_64.rpm libpurple-perl-2.6.6-17.el5_9.1.x86_64.rpm libpurple-tcl-2.6.6-17.el5_9.1.x86_64.rpm pidgin-2.6.6-17.el5_9.1.i386.rpm pidgin-2.6.6-17.el5_9.1.x86_64.rpm pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm pidgin-debuginfo-2.6.6-17.el5_9.1.x86_64.rpm pidgin-perl-2.6.6-17.el5_9.1.x86_64.rpm finch-devel-2.6.6-17.el5_9.1.i386.rpm finch-devel-2.6.6-17.el5_9.1.x86_64.rpm libpurple-devel-2.6.6-17.el5_9.1.i386.rpm libpurple-devel-2.6.6-17.el5_9.1.x86_64.rpm pidgin-devel-2.6.6-17.el5_9.1.i386.rpm pidgin-devel-2.6.6-17.el5_9.1.x86_64.rpm i386 finch-2.6.6-17.el5_9.1.i386.rpm libpurple-2.6.6-17.el5_9.1.i386.rpm libpurple-perl-2.6.6-17.el5_9.1.i386.rpm libpurple-tcl-2.6.6-17.el5_9.1.i386.rpm pidgin-2.6.6-17.el5_9.1.i386.rpm pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm pidgin-perl-2.6.6-17.el5_9.1.i386.rpm finch-devel-2.6.6-17.el5_9.1.i386.rpm libpurple-devel-2.6.6-17.el5_9.1.i386.rpm pidgin-devel-2.6.6-17.el5_9.1.i386.rpm SL6 x86_64 libpurple-2.7.9-10.el6_4.1.i686.rpm libpurple-2.7.9-10.el6_4.1.x86_64.rpm pidgin-2.7.9-10.el6_4.1.x86_64.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.x86_64.rpm finch-2.7.9-10.el6_4.1.i686.rpm finch-2.7.9-10.el6_4.1.x86_64.rpm finch-devel-2.7.9-10.el6_4.1.i686.rpm finch-devel-2.7.9-10.el6_4.1.x86_64.rpm libpurple-devel-2.7.9-10.el6_4.1.i686.rpm libpurple-devel-2.7.9-10.el6_4.1.x86_64.rpm libpurple-perl-2.7.9-10.el6_4.1.x86_64.rpm libpurple-tcl-2.7.9-10.el6_4.1.x86_64.rpm pidgin-devel-2.7.9-10.el6_4.1.i686.rpm pidgin-devel-2.7.9-10.el6_4.1.x86_64.rpm pidgin-docs-2.7.9-10.el6_4.1.x86_64.rpm pidgin-perl-2.7.9-10.el6_4.1.x86_64.rpm i386 libpurple-2.7.9-10.el6_4.1.i686.rpm pidgin-2.7.9-10.el6_4.1.i686.rpm pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm finch-2.7.9-10.el6_4.1.i686.rpm finch-devel-2.7.9-10.el6_4.1.i686.rpm libpurple-devel-2.7.9-10.el6_4.1.i686.rpm libpurple-perl-2.7.9-10.el6_4.1.i686.rpm libpurple-tcl-2.7.9-10.el6_4.1.i686.rpm pidgin-devel-2.7.9-10.el6_4.1.i686.rpm pidgin-docs-2.7.9-10.el6_4.1.i686.rpm pidgin-perl-2.7.9-10.el6_4.1.i686.rpm - Scientific Linux Development Team