Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Scientific Linux 2012-07-19 Moderate: Pidgin Remote Crash Risk

Scientific Large Esm H446
Moderate: pidgin security update
Date: Thu, 19 Jul 2012 16:08:52 -0500
Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Sender: Security Errata for Scientific Linux
 
From: Patrick Riehecky 
Subject: Security ERRATA Moderate: pidgin on SL5.x, SL6.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis: Moderate: pidgin security update
Issue Date: 2012-07-19
CVE Numbers: CVE-2012-1178
 CVE-2012-2318
 CVE-2012-3374

Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

A flaw was found in the way the Pidgin MSN protocol plug-in processed text
that was not encoded in UTF-8. A remote attacker could use this flaw to
crash Pidgin by sending a specially-crafted MSN message. (CVE-2012-1178)

An input validation flaw was found in the way the Pidgin MSN protocol
plug-in handled MSN notification messages. A malicious server or a remote
attacker could use this flaw to crash Pidgin by sending a specially-crafted
MSN notification message. (CVE-2012-2318)

A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A
remote attacker could use this flaw to crash Pidgin by sending a MXit
message containing specially-crafted emoticon tags. (CVE-2012-3374)

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

SL5:
 i386
 finch-2.6.6-11.el5.4.i386.rpm
 finch-devel-2.6.6-11.el5.4.i386.rpm
 libpurple-2.6.6-11.el5.4.i386.rpm
 libpurple-devel-2.6.6-11.el5.4.i386.rpm
 libpurple-perl-2.6.6-11.el5.4.i386.rpm
 libpurple-tcl-2.6.6-11.el5.4.i386.rpm
 pidgin-2.6.6-11.el5.4.i386.rpm
 pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm
 pidgin-devel-2.6.6-11.el5.4.i386.rpm
 pidgin-perl-2.6.6-11.el5.4.i386.rpm
 x86_64
 finch-2.6.6-11.el5.4.i386.rpm
 finch-2.6.6-11.el5.4.x86_64.rpm
 finch-devel-2.6.6-11.el5.4.i386.rpm
 finch-devel-2.6.6-11.el5.4.x86_64.rpm
 libpurple-2.6.6-11.el5.4.i386.rpm
 libpurple-2.6.6-11.el5.4.x86_64.rpm
 libpurple-devel-2.6.6-11.el5.4.i386.rpm
 libpurple-devel-2.6.6-11.el5.4.x86_64.rpm
 libpurple-perl-2.6.6-11.el5.4.x86_64.rpm
 libpurple-tcl-2.6.6-11.el5.4.x86_64.rpm
 pidgin-2.6.6-11.el5.4.i386.rpm
 pidgin-2.6.6-11.el5.4.x86_64.rpm
 pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm
 pidgin-debuginfo-2.6.6-11.el5.4.x86_64.rpm
 pidgin-devel-2.6.6-11.el5.4.i386.rpm
 pidgin-devel-2.6.6-11.el5.4.x86_64.rpm
 pidgin-perl-2.6.6-11.el5.4.x86_64.rpm
SL6:
 i386
 finch-2.7.9-5.el6.2.i686.rpm
 finch-devel-2.7.9-5.el6.2.i686.rpm
 libpurple-2.7.9-5.el6.2.i686.rpm
 libpurple-devel-2.7.9-5.el6.2.i686.rpm
 libpurple-perl-2.7.9-5.el6.2.i686.rpm
 libpurple-tcl-2.7.9-5.el6.2.i686.rpm
 pidgin-2.7.9-5.el6.2.i686.rpm
 pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm
 pidgin-devel-2.7.9-5.el6.2.i686.rpm
 pidgin-docs-2.7.9-5.el6.2.i686.rpm
 pidgin-perl-2.7.9-5.el6.2.i686.rpm
 x86_64
 finch-2.7.9-5.el6.2.i686.rpm
 finch-2.7.9-5.el6.2.x86_64.rpm
 finch-devel-2.7.9-5.el6.2.i686.rpm
 finch-devel-2.7.9-5.el6.2.x86_64.rpm
 libpurple-2.7.9-5.el6.2.i686.rpm
 libpurple-2.7.9-5.el6.2.x86_64.rpm
 libpurple-devel-2.7.9-5.el6.2.i686.rpm
 libpurple-devel-2.7.9-5.el6.2.x86_64.rpm
 libpurple-perl-2.7.9-5.el6.2.x86_64.rpm
 libpurple-tcl-2.7.9-5.el6.2.x86_64.rpm
 pidgin-2.7.9-5.el6.2.x86_64.rpm
 pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm
 pidgin-debuginfo-2.7.9-5.el6.2.x86_64.rpm
 pidgin-devel-2.7.9-5.el6.2.i686.rpm
 pidgin-devel-2.7.9-5.el6.2.x86_64.rpm
 pidgin-docs-2.7.9-5.el6.2.x86_64.rpm
 pidgin-perl-2.7.9-5.el6.2.x86_64.rpm

- Scientific Linux Development Team
Your message here