Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

Scientific Linux: CVE-2013-0272 Moderate Pidgin Buffer Overflow Threat

Scientific Large Esm H446
Moderate: pidgin security update
Date: Thu, 14 Mar 2013 16:07:21 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: pidgin on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: pidgin security update
Issue Date: 2013-03-14
CVE Numbers: CVE-2013-0272
 CVE-2013-0273
 CVE-2013-0274
--

A stack-based buffer overflow flaw was found in the Pidgin MXit protocol
plug-in. A malicious server or a remote attacker could use this flaw to
crash Pidgin by sending a specially-crafted HTTP request. (CVE-2013-0272)

A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in.
A malicious server or a remote attacker could use this flaw to crash
Pidgin by sending a specially-crafted username. (CVE-2013-0273)

A buffer overflow flaw was found in the way Pidgin processed certain UPnP
responses. A remote attacker could send a specially-crafted UPnP response
that, when processed, would crash Pidgin. (CVE-2013-0274)

Pidgin must be restarted for this update to take effect.
--

SL5
 x86_64
 finch-2.6.6-17.el5_9.1.i386.rpm
 finch-2.6.6-17.el5_9.1.x86_64.rpm
 libpurple-2.6.6-17.el5_9.1.i386.rpm
 libpurple-2.6.6-17.el5_9.1.x86_64.rpm
 libpurple-perl-2.6.6-17.el5_9.1.x86_64.rpm
 libpurple-tcl-2.6.6-17.el5_9.1.x86_64.rpm
 pidgin-2.6.6-17.el5_9.1.i386.rpm
 pidgin-2.6.6-17.el5_9.1.x86_64.rpm
 pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm
 pidgin-debuginfo-2.6.6-17.el5_9.1.x86_64.rpm
 pidgin-perl-2.6.6-17.el5_9.1.x86_64.rpm
 finch-devel-2.6.6-17.el5_9.1.i386.rpm
 finch-devel-2.6.6-17.el5_9.1.x86_64.rpm
 libpurple-devel-2.6.6-17.el5_9.1.i386.rpm
 libpurple-devel-2.6.6-17.el5_9.1.x86_64.rpm
 pidgin-devel-2.6.6-17.el5_9.1.i386.rpm
 pidgin-devel-2.6.6-17.el5_9.1.x86_64.rpm
 i386
 finch-2.6.6-17.el5_9.1.i386.rpm
 libpurple-2.6.6-17.el5_9.1.i386.rpm
 libpurple-perl-2.6.6-17.el5_9.1.i386.rpm
 libpurple-tcl-2.6.6-17.el5_9.1.i386.rpm
 pidgin-2.6.6-17.el5_9.1.i386.rpm
 pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm
 pidgin-perl-2.6.6-17.el5_9.1.i386.rpm
 finch-devel-2.6.6-17.el5_9.1.i386.rpm
 libpurple-devel-2.6.6-17.el5_9.1.i386.rpm
 pidgin-devel-2.6.6-17.el5_9.1.i386.rpm
SL6
 x86_64
 libpurple-2.7.9-10.el6_4.1.i686.rpm
 libpurple-2.7.9-10.el6_4.1.x86_64.rpm
 pidgin-2.7.9-10.el6_4.1.x86_64.rpm
 pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm
 pidgin-debuginfo-2.7.9-10.el6_4.1.x86_64.rpm
 finch-2.7.9-10.el6_4.1.i686.rpm
 finch-2.7.9-10.el6_4.1.x86_64.rpm
 finch-devel-2.7.9-10.el6_4.1.i686.rpm
 finch-devel-2.7.9-10.el6_4.1.x86_64.rpm
 libpurple-devel-2.7.9-10.el6_4.1.i686.rpm
 libpurple-devel-2.7.9-10.el6_4.1.x86_64.rpm
 libpurple-perl-2.7.9-10.el6_4.1.x86_64.rpm
 libpurple-tcl-2.7.9-10.el6_4.1.x86_64.rpm
 pidgin-devel-2.7.9-10.el6_4.1.i686.rpm
 pidgin-devel-2.7.9-10.el6_4.1.x86_64.rpm
 pidgin-docs-2.7.9-10.el6_4.1.x86_64.rpm
 pidgin-perl-2.7.9-10.el6_4.1.x86_64.rpm
 i386
 libpurple-2.7.9-10.el6_4.1.i686.rpm
 pidgin-2.7.9-10.el6_4.1.i686.rpm
 pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm
 finch-2.7.9-10.el6_4.1.i686.rpm
 finch-devel-2.7.9-10.el6_4.1.i686.rpm
 libpurple-devel-2.7.9-10.el6_4.1.i686.rpm
 libpurple-perl-2.7.9-10.el6_4.1.i686.rpm
 libpurple-tcl-2.7.9-10.el6_4.1.i686.rpm
 pidgin-devel-2.7.9-10.el6_4.1.i686.rpm
 pidgin-docs-2.7.9-10.el6_4.1.i686.rpm
 pidgin-perl-2.7.9-10.el6_4.1.i686.rpm

- Scientific Linux Development Team