Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 536
Alerts This Week
Warning Icon 1 536

Scientific Linux: Pidgin Update for CVE-2008-2927 Critical Code Issue

Scientific Large Esm H446
Important: pidgin security and bug fix update
Date: Fri, 11 Jul 2008 16:06:25 -0500
Reply-To: Connie Sieh 
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security errata for pidgin on SL 3.0.x, SL 4.x, SL 5.x
Comments: To: scientific 

Synopsis: Important: pidgin security and bug fix update
CVE Names: CVE-2008-2927
Description:

An integer overflow flaw was found in Pidgin's MSN protocol handler. If a
user received a malicious MSN message, it was possible to execute arbitrary
code with the permissions of the user running Pidgin. (CVE-2008-2927)

Note: the default Pidgin privacy setting only allows messages from users in
the buddy list. This prevents arbitrary MSN users from exploiting this
flaw.

This update also addresses the following bug:

* when attempting to connect to the ICQ network, Pidgin would fail to
connect, present an alert saying the "The client version you are using is
too old", and de-activate the ICQ account. This update restores Pidgin's
ability to connect to the ICQ network.

SL 3:

 Source:
 	pidgin-1.5.1-2.el3.src.rpm

 x86_64:
 	pidgin-1.5.1-2.el3.x86_64.rpm

SL 4:

 Source:
 	pidgin-1.5.1-2.el4.src.rpm

 i386:
 	pidgin-1.5.1-2.el4.i386.rpm

 x86_64:
 	pidgin-1.5.1-2.el4.x86_64.rpm

SL 5:

 Source:
 	pidgin-2.3.1-2.el5_2.src.rpm

 i386:
 	finch-2.3.1-2.el5_2.i386.rpm
 	finch-devel-2.3.1-2.el5_2.i386.rpm
 	libpurple-2.3.1-2.el5_2.i386.rpm
 	libpurple-devel-2.3.1-2.el5_2.i386.rpm
 	libpurple-perl-2.3.1-2.el5_2.i386.rpm
 	libpurple-tcl-2.3.1-2.el5_2.i386.rpm
 	pidgin-2.3.1-2.el5_2.i386.rpm
 	pidgin-perl-2.3.1-2.el5_2.i386.rpm
 	pidgin-devel-2.3.1-2.el5_2.i386.rpm

 x86_64:
 	finch-2.3.1-2.el5_2.i386.rpm
 	finch-2.3.1-2.el5_2.x86_64.rpm
 	finch-devel-2.3.1-2.el5_2.i386.rpm
 	finch-devel-2.3.1-2.el5_2.x86_64.rpm
 	libpurple-2.3.1-2.el5_2.i386.rpm
 	libpurple-2.3.1-2.el5_2.x86_64.rpm
 	libpurple-devel-2.3.1-2.el5_2.i386.rpm
 	libpurple-devel-2.3.1-2.el5_2.x86_64.rpm
 	libpurple-perl-2.3.1-2.el5_2.x86_64.rpm
 	libpurple-tcl-2.3.1-2.el5_2.x86_64.rpm
 	pidgin-2.3.1-2.el5_2.i386.rpm
 	pidgin-2.3.1-2.el5_2.x86_64.rpm
 	pidgin-devel-2.3.1-2.el5_2.i386.rpm
 	pidgin-devel-2.3.1-2.el5_2.x86_64.rpm
 	pidgin-perl-2.3.1-2.el5_2.x86_64.rpm

-Connie Sieh