
Fedora 11 Pidgin Update 2009-10662 Critical: Instant Messaging Crash

fedora
October 20, 2009
Important patch release for Pidgin on Fedora 11 concerning CVE-2009-3615. Comprehensive instructions for installation provided below.
CVE-2009-3615

Summary

Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor.

Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins.

Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc.

Update Information:

CVE-2009-3615

Change Log

* Mon Oct 19 2009 Warren Togami 2.6.3-2
- Upstream backport:
  3abad7606f4a2dfd1903df796f33924b12509a56 msn_servconn_disconnect-crash

* Fri Oct 16 2009 Warren Togami 2.6.3-1
- 2.6.3 CVE-2009-3615

* Wed Sep 9 2009 Warren Togami 2.6.2-2
- Upstream backports:
  97e003ed2bc2bafbb993693c9ae9c6d667731cc1 aim-buddy-status-grab
  37aa00d044431100d37466517568640cb082680c yahoo-buddy-idle-time
  40005b889ee276fbcd0a4e886a68d8a8cce45698 yahoo-status-change-away
  cb46b045aa6e927a3814d9053c2b1c0f08d6fa62 crash-validate-jid

* Sun Sep 6 2009 Stu Tomlinson 2.6.2-1.1
- VV support needs to be explicitly disabled on F10

* Sun Sep 6 2009 Stu Tomlinson 2.6.2-1
- 2.6.2 Fixes a number of crashes
- CVE-2009-2703, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085

* Wed Aug 19 2009 Warren Togami 2.6.1-1
- 2.6.1: Fix a crash when some users send you a link in a Yahoo IM

* Tue Aug 18 2009 Warren Togami 2.6.0-1
- CVE-2009-2694
- Voice and Video support via farsight2 (Fedora 11+)
- Numerous other bug fixes

* Thu Aug 6 2009 Warren Togami 2.6.0-0.11.20090812
- new snapshot at the request of maiku

* Thu Aug 6 2009 Warren Togami 2.6.0-0.10.20090806
- new snapshot
- theoretically better sound quality in voice chat

* Tue Aug 4 2009 Warren Togami 2.6.0-0.9.20090804
- new snapshot

* Mon Jul 27 2009 Warren Togami 2.6.0-0.8.20090727
- new snapshot

* Mon Jul 27 2009 Stu Tomlinson 2.6.0-0.6.20090721
- Prevent main libpurple & pidgin packages depending on perl (#513902)

* Sun Jul 26 2009 Fedora Release Engineering - 2.6.0-0.5.20090721
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Wed Jul 22 2009 Warren Togami 2.6.0-0.4.20090721
- rebuild

* Tue Jul 21 2009 Warren Togami 2.6.0-0.3.20090721
- prevent crash with no camera when closing vv window

* Tue Jul 21 2009 Warren Togami 2.6.0-0.1.20090721
- 2.6.0 snapshot with voice and video support via farsight2

* Sat Jul 11 2009 Stu Tomlinson 2.5.8-2
- Backport patch from upstream to enable NSS to recognize root CA certificates that use MD2 & MD4 algorithms in their signature, as used by some MSN and XMPP servers

* Sun Jun 28 2009 Warren Togami 2.5.8-1
- 2.5.8 with several important bug fixes

* Mon Jun 22 2009 Warren Togami 2.5.7-2
- glib2 compat with RHEL-4

* Sat Jun 20 2009 Warren Togami 2.5.7-1
- 2.5.7 with Yahoo Protocol 16 support

* Wed May 20 2009 Stu Tomlinson 2.5.6-1
- 2.5.6

* Mon Apr 20 2009 Warren Togami 2.5.5-3
- F12+ removed krb4

References


[1] Bug #529357 - CVE-2009-3615 Pidgin: Invalid pointer dereference (crash) after receiving contacts from SIM IM client
    https://bugzilla.redhat.com/show_bug.cgi?id=529357

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update pidgin' at the command line. For more information, refer to "Managing Software with yum", available at .
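
To confirm the update took effect, the following added example (not part of the original advisory) compares an installed pidgin build against the build this advisory ships, 2.6.3-2.fc11. The function names are hypothetical, and `sort -V` is assumed to be an adequate stand-in for rpm's own version comparison on these plain numeric strings.

```sh
#!/bin/sh
# Added example: is the installed pidgin build at or above the build
# this advisory ships (Version 2.6.3, Release 2.fc11)?
FIXED_VERSION="2.6.3"
FIXED_RELEASE="2.fc11"

# ver_ge A B: succeed when A sorts at or after B under `sort -V`.
# Assumption: `sort -V` approximates rpm's version ordering here;
# it is not rpm's own comparison routine.
ver_ge() {
    if [ "$1" = "$2" ]; then return 0; fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# pidgin_is_fixed VERSION-RELEASE: compare version first, then release.
pidgin_is_fixed() {
    ver=${1%%-*}   # text before the first "-"
    rel=${1#*-}    # text after the first "-"
    if [ "$ver" != "$FIXED_VERSION" ]; then
        ver_ge "$ver" "$FIXED_VERSION"
    else
        ver_ge "$rel" "$FIXED_RELEASE"
    fi
}

# check_host: query the local RPM database (one line per installed
# architecture). Returns 1 if any installed build predates the fix.
check_host() {
    if ! rpm -q pidgin >/dev/null 2>&1; then
        echo "pidgin is not installed"
        return 0
    fi
    rc=0
    for build in $(rpm -q --qf '%{VERSION}-%{RELEASE}\n' pidgin); do
        if pidgin_is_fixed "$build"; then
            echo "OK: pidgin-$build"
        else
            echo "UPDATE NEEDED: pidgin-$build predates $FIXED_VERSION-$FIXED_RELEASE"
            rc=1
        fi
    done
    return $rc
}
```

On a Fedora 11 host, source the file and run `check_host` after `yum update pidgin`; a non-zero return means at least one installed build is older than the advisory's.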

Severity
critical

Name: pidgin
Product: Fedora 11
Version: 2.6.3
Release: 2.fc11
Summary: A Gtk+ based multiprotocol instant messaging client
