What Are You Looking For?

Sign Up
Date:         Mon, 2 Nov 2009 13:35:33 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Moderate: pidgin on SL3.x, SL4.x,
              SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: pidgin security update
Issue date:	2009-10-29
CVE Names:	CVE-2009-2703 CVE-2009-3083 CVE-2009-3615

An invalid pointer dereference bug was found in the way the Pidgin OSCAR
protocol implementation processed lists of contacts. A remote attacker
could send a specially-crafted contact list to a user running Pidgin,
causing Pidgin to crash. (CVE-2009-3615)

A NULL pointer dereference flaw was found in the way the Pidgin IRC
protocol plug-in handles IRC topics. A malicious IRC server could send a
specially-crafted IRC TOPIC message, which once received by Pidgin, 
would lead to a denial of service (Pidgin crash). (CVE-2009-2703) - SL3 only

A NULL pointer dereference flaw was found in the way the Pidgin MSN
protocol plug-in handles improper MSNSLP invitations. A remote attacker
could send a specially-crafted MSNSLP invitation request, which once
accepted by a valid Pidgin user, would lead to a denial of service 
(Pidgin crash). (CVE-2009-3083) - SL3 only

Pidgin must be restarted for this update to take effect.

SL 3.0.x

       SRPMS:
pidgin-1.5.1-6.el3.src.rpm
       i386:
pidgin-1.5.1-6.el3.i386.rpm
       x86_64:
pidgin-1.5.1-6.el3.x86_64.rpm

SL 4.x

       SRPMS:
pidgin-2.6.3-2.el4.src.rpm
       i386:
finch-2.6.3-2.el4.i386.rpm
finch-devel-2.6.3-2.el4.i386.rpm
libpurple-2.6.3-2.el4.i386.rpm
libpurple-devel-2.6.3-2.el4.i386.rpm
libpurple-perl-2.6.3-2.el4.i386.rpm
libpurple-tcl-2.6.3-2.el4.i386.rpm
pidgin-2.6.3-2.el4.i386.rpm
pidgin-devel-2.6.3-2.el4.i386.rpm
pidgin-perl-2.6.3-2.el4.i386.rpm
       x86_64:
finch-2.6.3-2.el4.x86_64.rpm
finch-devel-2.6.3-2.el4.x86_64.rpm
libpurple-2.6.3-2.el4.x86_64.rpm
libpurple-devel-2.6.3-2.el4.x86_64.rpm
libpurple-perl-2.6.3-2.el4.x86_64.rpm
libpurple-tcl-2.6.3-2.el4.x86_64.rpm
pidgin-2.6.3-2.el4.x86_64.rpm
pidgin-devel-2.6.3-2.el4.x86_64.rpm
pidgin-perl-2.6.3-2.el4.x86_64.rpm

SL 5.x

       SRPMS:
pidgin-2.6.3-2.el5.src.rpm
       i386:
finch-2.6.3-2.el5.i386.rpm
finch-devel-2.6.3-2.el5.i386.rpm
libpurple-2.6.3-2.el5.i386.rpm
libpurple-devel-2.6.3-2.el5.i386.rpm
libpurple-perl-2.6.3-2.el5.i386.rpm
libpurple-tcl-2.6.3-2.el5.i386.rpm
pidgin-2.6.3-2.el5.i386.rpm
pidgin-devel-2.6.3-2.el5.i386.rpm
pidgin-perl-2.6.3-2.el5.i386.rpm
       x86_64:
finch-2.6.3-2.el5.i386.rpm
finch-2.6.3-2.el5.x86_64.rpm
finch-devel-2.6.3-2.el5.i386.rpm
finch-devel-2.6.3-2.el5.x86_64.rpm
libpurple-2.6.3-2.el5.i386.rpm
libpurple-2.6.3-2.el5.x86_64.rpm
libpurple-devel-2.6.3-2.el5.i386.rpm
libpurple-devel-2.6.3-2.el5.x86_64.rpm
libpurple-perl-2.6.3-2.el5.x86_64.rpm
libpurple-tcl-2.6.3-2.el5.x86_64.rpm
pidgin-2.6.3-2.el5.i386.rpm
pidgin-2.6.3-2.el5.x86_64.rpm
pidgin-devel-2.6.3-2.el5.i386.rpm
pidgin-devel-2.6.3-2.el5.x86_64.rpm
pidgin-perl-2.6.3-2.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-2703 Moderate: pidgin SL3.x, SL4.x,

Moderate: pidgin security update

Summary

Date:         Mon, 2 Nov 2009 13:35:33 -0600Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Moderate: pidgin on SL3.x, SL4.x,              SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Moderate: pidgin security updateIssue date:	2009-10-29CVE Names:	CVE-2009-2703 CVE-2009-3083 CVE-2009-3615An invalid pointer dereference bug was found in the way the Pidgin OSCARprotocol implementation processed lists of contacts. A remote attackercould send a specially-crafted contact list to a user running Pidgin,causing Pidgin to crash. (CVE-2009-3615)A NULL pointer dereference flaw was found in the way the Pidgin IRCprotocol plug-in handles IRC topics. A malicious IRC server could send aspecially-crafted IRC TOPIC message, which once received by Pidgin, would lead to a denial of service (Pidgin crash). (CVE-2009-2703) - SL3 onlyA NULL pointer dereference flaw was found in the way the Pidgin MSNprotocol plug-in handles improper MSNSLP invitations. A remote attackercould send a specially-crafted MSNSLP invitation request, which onceaccepted by a valid Pidgin user, would lead to a denial of service (Pidgin crash). (CVE-2009-3083) - SL3 onlyPidgin must be restarted for this update to take effect.SL 3.0.x       SRPMS:pidgin-1.5.1-6.el3.src.rpm       i386:pidgin-1.5.1-6.el3.i386.rpm       x86_64:pidgin-1.5.1-6.el3.x86_64.rpmSL 4.x       SRPMS:pidgin-2.6.3-2.el4.src.rpm       i386:finch-2.6.3-2.el4.i386.rpmfinch-devel-2.6.3-2.el4.i386.rpmlibpurple-2.6.3-2.el4.i386.rpmlibpurple-devel-2.6.3-2.el4.i386.rpmlibpurple-perl-2.6.3-2.el4.i386.rpmlibpurple-tcl-2.6.3-2.el4.i386.rpmpidgin-2.6.3-2.el4.i386.rpmpidgin-devel-2.6.3-2.el4.i386.rpmpidgin-perl-2.6.3-2.el4.i386.rpm       x86_64:finch-2.6.3-2.el4.x86_64.rpmfinch-devel-2.6.3-2.el4.x86_64.rpmlibpurple-2.6.3-2.el4.x86_64.rpmlibpurple-devel-2.6.3-2.el4.x86_64.rpmlibpurple-perl-2.6.3-2.el4.x86_64.rpmlibpurple-tcl-2.6.3-2.el4.x86_64.rpmpidgin-2.6.3-2.el4.x86_64.rpmpidgin-devel-2.6.3-2.el4.x86_64.rpmpidgin-perl-2.6.3-2.el4.x86_64.rpmSL 5.x       SRPMS:pidgin-2.6.3-2.el5.src.rpm       i386:finch-2.6.3-2.el5.i386.rpmfinch-devel-2.6.3-2.el5.i386.rpmlibpurple-2.6.3-2.el5.i386.rpmlibpurple-devel-2.6.3-2.el5.i386.rpmlibpurple-perl-2.6.3-2.el5.i386.rpmlibpurple-tcl-2.6.3-2.el5.i386.rpmpidgin-2.6.3-2.el5.i386.rpmpidgin-devel-2.6.3-2.el5.i386.rpmpidgin-perl-2.6.3-2.el5.i386.rpm       x86_64:finch-2.6.3-2.el5.i386.rpmfinch-2.6.3-2.el5.x86_64.rpmfinch-devel-2.6.3-2.el5.i386.rpmfinch-devel-2.6.3-2.el5.x86_64.rpmlibpurple-2.6.3-2.el5.i386.rpmlibpurple-2.6.3-2.el5.x86_64.rpmlibpurple-devel-2.6.3-2.el5.i386.rpmlibpurple-devel-2.6.3-2.el5.x86_64.rpmlibpurple-perl-2.6.3-2.el5.x86_64.rpmlibpurple-tcl-2.6.3-2.el5.x86_64.rpmpidgin-2.6.3-2.el5.i386.rpmpidgin-2.6.3-2.el5.x86_64.rpmpidgin-devel-2.6.3-2.el5.i386.rpmpidgin-devel-2.6.3-2.el5.x86_64.rpmpidgin-perl-2.6.3-2.el5.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo