LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Moderate: pidgin security update
Issue Date:        2013-03-14
CVE Numbers:       CVE-2013-0272
                    CVE-2013-0273
                    CVE-2013-0274
--

A stack-based buffer overflow flaw was found in the Pidgin MXit protocol
plug-in. A malicious server or a remote attacker could use this flaw to
crash Pidgin by sending a specially-crafted HTTP request. (CVE-2013-0272)

A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in.
A malicious server or a remote attacker could use this flaw to crash
Pidgin by sending a specially-crafted username. (CVE-2013-0273)

A buffer overflow flaw was found in the way Pidgin processed certain UPnP
responses. A remote attacker could send a specially-crafted UPnP response
that, when processed, would crash Pidgin. (CVE-2013-0274)

Pidgin must be restarted for this update to take effect.
--

SL5
   x86_64
     finch-2.6.6-17.el5_9.1.i386.rpm
     finch-2.6.6-17.el5_9.1.x86_64.rpm
     libpurple-2.6.6-17.el5_9.1.i386.rpm
     libpurple-2.6.6-17.el5_9.1.x86_64.rpm
     libpurple-perl-2.6.6-17.el5_9.1.x86_64.rpm
     libpurple-tcl-2.6.6-17.el5_9.1.x86_64.rpm
     pidgin-2.6.6-17.el5_9.1.i386.rpm
     pidgin-2.6.6-17.el5_9.1.x86_64.rpm
     pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm
     pidgin-debuginfo-2.6.6-17.el5_9.1.x86_64.rpm
     pidgin-perl-2.6.6-17.el5_9.1.x86_64.rpm
     finch-devel-2.6.6-17.el5_9.1.i386.rpm
     finch-devel-2.6.6-17.el5_9.1.x86_64.rpm
     libpurple-devel-2.6.6-17.el5_9.1.i386.rpm
     libpurple-devel-2.6.6-17.el5_9.1.x86_64.rpm
     pidgin-devel-2.6.6-17.el5_9.1.i386.rpm
     pidgin-devel-2.6.6-17.el5_9.1.x86_64.rpm
   i386
     finch-2.6.6-17.el5_9.1.i386.rpm
     libpurple-2.6.6-17.el5_9.1.i386.rpm
     libpurple-perl-2.6.6-17.el5_9.1.i386.rpm
     libpurple-tcl-2.6.6-17.el5_9.1.i386.rpm
     pidgin-2.6.6-17.el5_9.1.i386.rpm
     pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm
     pidgin-perl-2.6.6-17.el5_9.1.i386.rpm
     finch-devel-2.6.6-17.el5_9.1.i386.rpm
     libpurple-devel-2.6.6-17.el5_9.1.i386.rpm
     pidgin-devel-2.6.6-17.el5_9.1.i386.rpm
SL6
   x86_64
     libpurple-2.7.9-10.el6_4.1.i686.rpm
     libpurple-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm
     pidgin-debuginfo-2.7.9-10.el6_4.1.x86_64.rpm
     finch-2.7.9-10.el6_4.1.i686.rpm
     finch-2.7.9-10.el6_4.1.x86_64.rpm
     finch-devel-2.7.9-10.el6_4.1.i686.rpm
     finch-devel-2.7.9-10.el6_4.1.x86_64.rpm
     libpurple-devel-2.7.9-10.el6_4.1.i686.rpm
     libpurple-devel-2.7.9-10.el6_4.1.x86_64.rpm
     libpurple-perl-2.7.9-10.el6_4.1.x86_64.rpm
     libpurple-tcl-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-devel-2.7.9-10.el6_4.1.i686.rpm
     pidgin-devel-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-docs-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-perl-2.7.9-10.el6_4.1.x86_64.rpm
   i386
     libpurple-2.7.9-10.el6_4.1.i686.rpm
     pidgin-2.7.9-10.el6_4.1.i686.rpm
     pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm
     finch-2.7.9-10.el6_4.1.i686.rpm
     finch-devel-2.7.9-10.el6_4.1.i686.rpm
     libpurple-devel-2.7.9-10.el6_4.1.i686.rpm
     libpurple-perl-2.7.9-10.el6_4.1.i686.rpm
     libpurple-tcl-2.7.9-10.el6_4.1.i686.rpm
     pidgin-devel-2.7.9-10.el6_4.1.i686.rpm
     pidgin-docs-2.7.9-10.el6_4.1.i686.rpm
     pidgin-perl-2.7.9-10.el6_4.1.i686.rpm

- Scientific Linux Development Team