Date:         Fri, 11 Jul 2008 16:06:25 -0500
Reply-To:     Connie Sieh 
Sender:       Security Errata for Scientific Linux
              
From:         Connie Sieh 
Subject:      Security errata for pidgin on SL 3.0.x , SL 4.x , SL 5.x
Comments: To: scientific 

Synopsis:          Important: pidgin security and bug fix update
CVE Names:         CVE-2008-2927
Description:

An integer overflow flaw was found in Pidgin's MSN protocol handler. If a
user received a malicious MSN message, it was possible to execute arbitrary
code with the permissions of the user running Pidgin. (CVE-2008-2927)

Note: the default Pidgin privacy setting only allows messages from users in
the buddy list. This prevents arbitrary MSN users from exploiting this
flaw.

This update also addresses the following bug:

* when attempting to connect to the ICQ network, Pidgin would fail to
connect, present an alert saying "The client version you are using is
too old", and de-activate the ICQ account. This update restores Pidgin's
ability to connect to the ICQ network.

SL 3:

   Source:
 	pidgin-1.5.1-2.el3.src.rpm

   x86_64:
 	pidgin-1.5.1-2.el3.x86_64.rpm

SL 4:

   Source:
 	pidgin-1.5.1-2.el4.src.rpm

   i386:
 	pidgin-1.5.1-2.el4.i386.rpm

   x86_64:
 	pidgin-1.5.1-2.el4.x86_64.rpm

SL 5:

   Source:
 	pidgin-2.3.1-2.el5_2.src.rpm

   i386:
 	finch-2.3.1-2.el5_2.i386.rpm
 	finch-devel-2.3.1-2.el5_2.i386.rpm
 	libpurple-2.3.1-2.el5_2.i386.rpm
 	libpurple-devel-2.3.1-2.el5_2.i386.rpm
 	libpurple-perl-2.3.1-2.el5_2.i386.rpm
 	libpurple-tcl-2.3.1-2.el5_2.i386.rpm
 	pidgin-2.3.1-2.el5_2.i386.rpm
 	pidgin-perl-2.3.1-2.el5_2.i386.rpm
 	pidgin-devel-2.3.1-2.el5_2.i386.rpm

   x86_64:
 	finch-2.3.1-2.el5_2.i386.rpm
 	finch-2.3.1-2.el5_2.x86_64.rpm
 	finch-devel-2.3.1-2.el5_2.i386.rpm
 	finch-devel-2.3.1-2.el5_2.x86_64.rpm
 	libpurple-2.3.1-2.el5_2.i386.rpm
 	libpurple-2.3.1-2.el5_2.x86_64.rpm
 	libpurple-devel-2.3.1-2.el5_2.i386.rpm
 	libpurple-devel-2.3.1-2.el5_2.x86_64.rpm
 	libpurple-perl-2.3.1-2.el5_2.x86_64.rpm
 	libpurple-tcl-2.3.1-2.el5_2.x86_64.rpm
 	pidgin-2.3.1-2.el5_2.i386.rpm
 	pidgin-2.3.1-2.el5_2.x86_64.rpm
 	pidgin-devel-2.3.1-2.el5_2.i386.rpm
 	pidgin-devel-2.3.1-2.el5_2.x86_64.rpm
 	pidgin-perl-2.3.1-2.el5_2.x86_64.rpm

-Connie Sieh
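
One way to check a host against the fixed builds listed above. This is an added example, not part of the original advisory. It assumes the inventory lines come from `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n'`, that epochs are equal, and the function names and sample inventory are constructed for illustration.

```python
import re

# Fixed builds from the advisory's package lists, keyed by SL major release.
FIXED = {"3": ("1.5.1", "2.el3"), "4": ("1.5.1", "2.el4"), "5": ("2.3.1", "2.el5_2")}
# Binary package names the advisory ships (SL 3 and SL 4 ship only pidgin).
AFFECTED = {"pidgin", "pidgin-devel", "pidgin-perl", "libpurple", "libpurple-devel",
            "libpurple-perl", "libpurple-tcl", "finch", "finch-devel"}

def rpmvercmp(a, b):
    """Simplified RPM ordering: compare digit/letter runs; ignores '~' and '^'."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric run sorts newer than letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing runs sort newer

def needs_update(sl_major, version, release):
    """True if version-release is older than the fixed build for that SL release."""
    fixed_ver, fixed_rel = FIXED[sl_major]
    return (rpmvercmp(version, fixed_ver) or rpmvercmp(release, fixed_rel)) < 0

def audit(sl_major, inventory):
    """Return names of advisory packages in the inventory that predate the fix."""
    stale = []
    for line in inventory.strip().splitlines():
        name, version, release = line.split()
        if name in AFFECTED and needs_update(sl_major, version, release):
            stale.append(name)
    return stale

# Constructed sample inventory for an SL 5 host (not real output).
SAMPLE_SL5 = """
pidgin 2.3.1 1.el5_1
libpurple 2.3.1 2.el5_2
finch 2.5.0 1.el5
openssl 0.9.8b 10.el5
"""

if __name__ == "__main__":
    print(audit("5", SAMPLE_SL5))
```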
