Date:         Thu, 2 Jul 2009 16:48:28 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Moderate: pidgin on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: pidgin security and bug fix update
Issue date:	2009-07-02
CVE Names:	CVE-2009-1889

A denial of service flaw was found in the Pidgin OSCAR protocol
implementation. If a remote ICQ user sent a web message to a local 
Pidgin user using this protocol, it would cause excessive memory usage, 
leading to a denial of service (Pidgin crash). (CVE-2009-1889)

These updated packages also fix the following bug:

* the Yahoo! Messenger Protocol changed, making it incompatible (and
unusable) with Pidgin versions prior to 2.5.7. This update provides 
Pidgin 2.5.8, which implements version 16 of the Yahoo! Messenger 
Protocol, which resolves this issue.

Note: These packages upgrade Pidgin to version 2.5.8.

Pidgin must be restarted for this update to take effect.

SL 4.x

      SRPMS:
pidgin-2.5.8-1.el4.src.rpm
      i386:
finch-2.5.8-1.el4.i386.rpm
finch-devel-2.5.8-1.el4.i386.rpm
libpurple-2.5.8-1.el4.i386.rpm
libpurple-devel-2.5.8-1.el4.i386.rpm
libpurple-perl-2.5.8-1.el4.i386.rpm
libpurple-tcl-2.5.8-1.el4.i386.rpm
pidgin-2.5.8-1.el4.i386.rpm
pidgin-devel-2.5.8-1.el4.i386.rpm
pidgin-perl-2.5.8-1.el4.i386.rpm
      x86_64:
finch-2.5.8-1.el4.x86_64.rpm
finch-devel-2.5.8-1.el4.x86_64.rpm
libpurple-2.5.8-1.el4.x86_64.rpm
libpurple-devel-2.5.8-1.el4.x86_64.rpm
libpurple-perl-2.5.8-1.el4.x86_64.rpm
libpurple-tcl-2.5.8-1.el4.x86_64.rpm
pidgin-2.5.8-1.el4.x86_64.rpm
pidgin-devel-2.5.8-1.el4.x86_64.rpm
pidgin-perl-2.5.8-1.el4.x86_64.rpm

SL 5.x

      SRPMS:
pidgin-2.5.8-1.el5.src.rpm
      i386:
finch-2.5.8-1.el5.i386.rpm
finch-devel-2.5.8-1.el5.i386.rpm
libpurple-2.5.8-1.el5.i386.rpm
libpurple-devel-2.5.8-1.el5.i386.rpm
libpurple-perl-2.5.8-1.el5.i386.rpm
libpurple-tcl-2.5.8-1.el5.i386.rpm
pidgin-2.5.8-1.el5.i386.rpm
pidgin-devel-2.5.8-1.el5.i386.rpm
pidgin-perl-2.5.8-1.el5.i386.rpm
      x86_64:
finch-2.5.8-1.el5.i386.rpm
finch-2.5.8-1.el5.x86_64.rpm
finch-devel-2.5.8-1.el5.i386.rpm
finch-devel-2.5.8-1.el5.x86_64.rpm
libpurple-2.5.8-1.el5.i386.rpm
libpurple-2.5.8-1.el5.x86_64.rpm
libpurple-devel-2.5.8-1.el5.i386.rpm
libpurple-devel-2.5.8-1.el5.x86_64.rpm
libpurple-perl-2.5.8-1.el5.x86_64.rpm
libpurple-tcl-2.5.8-1.el5.x86_64.rpm
pidgin-2.5.8-1.el5.i386.rpm
pidgin-2.5.8-1.el5.x86_64.rpm
pidgin-devel-2.5.8-1.el5.i386.rpm
pidgin-devel-2.5.8-1.el5.x86_64.rpm
pidgin-perl-2.5.8-1.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson
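
Added example, not part of the original advisory: a shell check that reads `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output and lists the packages named above that are still older than 2.5.8-1. The function names, the sample package list, and the simplified numeric version comparison (not rpm's own algorithm) are assumptions made for illustration.

```shell
#!/bin/sh
# Fixed version-release and package names are taken from the advisory text.
FIXED="2.5.8-1"
ADVISORY_PKGS="finch finch-devel libpurple libpurple-devel libpurple-perl libpurple-tcl pidgin pidgin-devel pidgin-perl"

# ver_lt A B: succeed when A is older than B. Fields are split on '.' and '-'
# and compared numerically; this is a simplification of rpm's comparison that
# is sufficient for purely numeric strings such as 2.5.8-1.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "older"
    }' </dev/null
}

# audit_pidgin: read "name version-release" lines on stdin and print the name
# of every advisory package that is below the fixed version.
audit_pidgin() {
    while read -r name evr; do
        case " $ADVISORY_PKGS " in
            *" $name "*) ;;          # package is covered by this advisory
            *) continue ;;           # unrelated package, skip
        esac
        evr=${evr%%.el*}             # drop the dist tag (.el4 / .el5)
        if ver_lt "$evr" "$FIXED"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample input standing in for real rpm output.
sample_rpm_list() {
cat <<'EOF'
pidgin 2.5.5-3.el5
libpurple 2.5.5-3.el5
finch 2.5.8-1.el5
openssh 4.3p2-29.el5
EOF
}

# On a real host: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_pidgin
sample_rpm_list | audit_pidgin
```

An empty result only means the fixed packages are installed; a Pidgin process started before the update keeps running the old code until it is restarted.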
