SciLinux: CVE-2009-1889 Moderate: pidgin SL4.x, SL5.x i386/x86_64
Summary
Date: Thu, 2 Jul 2009 16:48:28 -0500Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Moderate: pidgin on SL4.x, SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov" Synopsis: Moderate: pidgin security and bug fix updateIssue date: 2009-07-02CVE Names: CVE-2009-1889A denial of service flaw was found in the Pidgin OSCAR protocolimplementation. If a remote ICQ user sent a web message to a local Pidgin user using this protocol, it would cause excessive memory usage, leading to a denial of service (Pidgin crash). (CVE-2009-1889)These updated packages also fix the following bug:* the Yahoo! Messenger Protocol changed, making it incompatible (andunusable) with Pidgin versions prior to 2.5.7. This update provides Pidgin 2.5.8, which implements version 16 of the Yahoo! Messenger Protocol, which resolves this issue.Note: These packages upgrade Pidgin to version 2.5.8.Pidgin must be restarted for this update to take effect.SL 4.x SRPMS:pidgin-2.5.8-1.el4.src.rpm i386:finch-2.5.8-1.el4.i386.rpmfinch-devel-2.5.8-1.el4.i386.rpmlibpurple-2.5.8-1.el4.i386.rpmlibpurple-devel-2.5.8-1.el4.i386.rpmlibpurple-perl-2.5.8-1.el4.i386.rpmlibpurple-tcl-2.5.8-1.el4.i386.rpmpidgin-2.5.8-1.el4.i386.rpmpidgin-devel-2.5.8-1.el4.i386.rpmpidgin-perl-2.5.8-1.el4.i386.rpm x86_64:finch-2.5.8-1.el4.x86_64.rpmfinch-devel-2.5.8-1.el4.x86_64.rpmlibpurple-2.5.8-1.el4.x86_64.rpmlibpurple-devel-2.5.8-1.el4.x86_64.rpmlibpurple-perl-2.5.8-1.el4.x86_64.rpmlibpurple-tcl-2.5.8-1.el4.x86_64.rpmpidgin-2.5.8-1.el4.x86_64.rpmpidgin-devel-2.5.8-1.el4.x86_64.rpmpidgin-perl-2.5.8-1.el4.x86_64.rpmSL 5.x SRPMS:pidgin-2.5.8-1.el5.src.rpm i386:finch-2.5.8-1.el5.i386.rpmfinch-devel-2.5.8-1.el5.i386.rpmlibpurple-2.5.8-1.el5.i386.rpmlibpurple-devel-2.5.8-1.el5.i386.rpmlibpurple-perl-2.5.8-1.el5.i386.rpmlibpurple-tcl-2.5.8-1.el5.i386.rpmpidgin-2.5.8-1.el5.i386.rpmpidgin-devel-2.5.8-1.el5.i386.rpmpidgin-perl-2.5.8-1.el5.i386.rpm x86_64:finch-2.5.8-1.el5.i386.rpmfinch-2.5.8-1.el5.x86_64.rpmfinch-devel-2.5.8-1.el5.i386.rpmfinch-devel-2.5.8-1.el5.x86_64.rpmlibpurple-2.5.8-1.el5.i386.rpmlibpurple-2.5.8-1.el5.x86_64.rpmlibpurple-devel-2.5.8-1.el5.i386.rpmlibpurple-devel-2.5.8-1.el5.x86_64.rpmlibpurple-perl-2.5.8-1.el5.x86_64.rpmlibpurple-tcl-2.5.8-1.el5.x86_64.rpmpidgin-2.5.8-1.el5.i386.rpmpidgin-2.5.8-1.el5.x86_64.rpmpidgin-devel-2.5.8-1.el5.i386.rpmpidgin-devel-2.5.8-1.el5.x86_64.rpmpidgin-perl-2.5.8-1.el5.x86_64.rpm-Connie Sieh-Troy Dawson