SciLinux: CVE-2009-2703 Moderate: pidgin SL3.x, SL4.x,
Summary
Date: Mon, 2 Nov 2009 13:35:33 -0600
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Moderate: pidgin on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"

Synopsis: Moderate: pidgin security update
Issue date: 2009-10-29
CVE Names: CVE-2009-2703 CVE-2009-3083 CVE-2009-3615

An invalid pointer dereference bug was found in the way the Pidgin OSCAR
protocol implementation processed lists of contacts. A remote attacker
could send a specially-crafted contact list to a user running Pidgin,
causing Pidgin to crash. (CVE-2009-3615)

A NULL pointer dereference flaw was found in the way the Pidgin IRC
protocol plug-in handles IRC topics. A malicious IRC server could send a
specially-crafted IRC TOPIC message, which once received by Pidgin, would
lead to a denial of service (Pidgin crash). (CVE-2009-2703) - SL3 only

A NULL pointer dereference flaw was found in the way the Pidgin MSN
protocol plug-in handles improper MSNSLP invitations. A remote attacker
could send a specially-crafted MSNSLP invitation request, which once
accepted by a valid Pidgin user, would lead to a denial of service
(Pidgin crash). (CVE-2009-3083) - SL3 only

Pidgin must be restarted for this update to take effect.

SL 3.0.x

  SRPMS:
pidgin-1.5.1-6.el3.src.rpm
  i386:
pidgin-1.5.1-6.el3.i386.rpm
  x86_64:
pidgin-1.5.1-6.el3.x86_64.rpm

SL 4.x

  SRPMS:
pidgin-2.6.3-2.el4.src.rpm
  i386:
finch-2.6.3-2.el4.i386.rpm
finch-devel-2.6.3-2.el4.i386.rpm
libpurple-2.6.3-2.el4.i386.rpm
libpurple-devel-2.6.3-2.el4.i386.rpm
libpurple-perl-2.6.3-2.el4.i386.rpm
libpurple-tcl-2.6.3-2.el4.i386.rpm
pidgin-2.6.3-2.el4.i386.rpm
pidgin-devel-2.6.3-2.el4.i386.rpm
pidgin-perl-2.6.3-2.el4.i386.rpm
  x86_64:
finch-2.6.3-2.el4.x86_64.rpm
finch-devel-2.6.3-2.el4.x86_64.rpm
libpurple-2.6.3-2.el4.x86_64.rpm
libpurple-devel-2.6.3-2.el4.x86_64.rpm
libpurple-perl-2.6.3-2.el4.x86_64.rpm
libpurple-tcl-2.6.3-2.el4.x86_64.rpm
pidgin-2.6.3-2.el4.x86_64.rpm
pidgin-devel-2.6.3-2.el4.x86_64.rpm
pidgin-perl-2.6.3-2.el4.x86_64.rpm

SL 5.x

  SRPMS:
pidgin-2.6.3-2.el5.src.rpm
  i386:
finch-2.6.3-2.el5.i386.rpm
finch-devel-2.6.3-2.el5.i386.rpm
libpurple-2.6.3-2.el5.i386.rpm
libpurple-devel-2.6.3-2.el5.i386.rpm
libpurple-perl-2.6.3-2.el5.i386.rpm
libpurple-tcl-2.6.3-2.el5.i386.rpm
pidgin-2.6.3-2.el5.i386.rpm
pidgin-devel-2.6.3-2.el5.i386.rpm
pidgin-perl-2.6.3-2.el5.i386.rpm
  x86_64:
finch-2.6.3-2.el5.i386.rpm
finch-2.6.3-2.el5.x86_64.rpm
finch-devel-2.6.3-2.el5.i386.rpm
finch-devel-2.6.3-2.el5.x86_64.rpm
libpurple-2.6.3-2.el5.i386.rpm
libpurple-2.6.3-2.el5.x86_64.rpm
libpurple-devel-2.6.3-2.el5.i386.rpm
libpurple-devel-2.6.3-2.el5.x86_64.rpm
libpurple-perl-2.6.3-2.el5.x86_64.rpm
libpurple-tcl-2.6.3-2.el5.x86_64.rpm
pidgin-2.6.3-2.el5.i386.rpm
pidgin-2.6.3-2.el5.x86_64.rpm
pidgin-devel-2.6.3-2.el5.i386.rpm
pidgin-devel-2.6.3-2.el5.x86_64.rpm
pidgin-perl-2.6.3-2.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson