
Scientific Linux alert SL-pidg-20120719 (pidgin)

From:  riehecky@fnal.gov
To:  scientific-linux-errata@fnal.gov
Subject:  Security ERRATA Moderate: pidgin on SL5.x, SL6.x i386/x86_64
Date:  Thu, 19 Jul 2012 16:08:52 -0500
Message-ID:  <201207192108.q6JL8qjW010291@fefmon2.fnal.gov>

Synopsis:     Moderate: pidgin security update
Issue Date:   2012-07-19
CVE Numbers:  CVE-2012-1178
              CVE-2012-2318
              CVE-2012-3374

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN message. (CVE-2012-1178)

An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN notification message. (CVE-2012-2318)

A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A remote attacker could use this flaw to crash Pidgin by sending a MXit message containing specially-crafted emoticon tags. (CVE-2012-3374)

All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.

SL5:
  i386
    finch-2.6.6-11.el5.4.i386.rpm
    finch-devel-2.6.6-11.el5.4.i386.rpm
    libpurple-2.6.6-11.el5.4.i386.rpm
    libpurple-devel-2.6.6-11.el5.4.i386.rpm
    libpurple-perl-2.6.6-11.el5.4.i386.rpm
    libpurple-tcl-2.6.6-11.el5.4.i386.rpm
    pidgin-2.6.6-11.el5.4.i386.rpm
    pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm
    pidgin-devel-2.6.6-11.el5.4.i386.rpm
    pidgin-perl-2.6.6-11.el5.4.i386.rpm
  x86_64
    finch-2.6.6-11.el5.4.i386.rpm
    finch-2.6.6-11.el5.4.x86_64.rpm
    finch-devel-2.6.6-11.el5.4.i386.rpm
    finch-devel-2.6.6-11.el5.4.x86_64.rpm
    libpurple-2.6.6-11.el5.4.i386.rpm
    libpurple-2.6.6-11.el5.4.x86_64.rpm
    libpurple-devel-2.6.6-11.el5.4.i386.rpm
    libpurple-devel-2.6.6-11.el5.4.x86_64.rpm
    libpurple-perl-2.6.6-11.el5.4.x86_64.rpm
    libpurple-tcl-2.6.6-11.el5.4.x86_64.rpm
    pidgin-2.6.6-11.el5.4.i386.rpm
    pidgin-2.6.6-11.el5.4.x86_64.rpm
    pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm
    pidgin-debuginfo-2.6.6-11.el5.4.x86_64.rpm
    pidgin-devel-2.6.6-11.el5.4.i386.rpm
    pidgin-devel-2.6.6-11.el5.4.x86_64.rpm
    pidgin-perl-2.6.6-11.el5.4.x86_64.rpm

SL6:
  i386
    finch-2.7.9-5.el6.2.i686.rpm
    finch-devel-2.7.9-5.el6.2.i686.rpm
    libpurple-2.7.9-5.el6.2.i686.rpm
    libpurple-devel-2.7.9-5.el6.2.i686.rpm
    libpurple-perl-2.7.9-5.el6.2.i686.rpm
    libpurple-tcl-2.7.9-5.el6.2.i686.rpm
    pidgin-2.7.9-5.el6.2.i686.rpm
    pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm
    pidgin-devel-2.7.9-5.el6.2.i686.rpm
    pidgin-docs-2.7.9-5.el6.2.i686.rpm
    pidgin-perl-2.7.9-5.el6.2.i686.rpm
  x86_64
    finch-2.7.9-5.el6.2.i686.rpm
    finch-2.7.9-5.el6.2.x86_64.rpm
    finch-devel-2.7.9-5.el6.2.i686.rpm
    finch-devel-2.7.9-5.el6.2.x86_64.rpm
    libpurple-2.7.9-5.el6.2.i686.rpm
    libpurple-2.7.9-5.el6.2.x86_64.rpm
    libpurple-devel-2.7.9-5.el6.2.i686.rpm
    libpurple-devel-2.7.9-5.el6.2.x86_64.rpm
    libpurple-perl-2.7.9-5.el6.2.x86_64.rpm
    libpurple-tcl-2.7.9-5.el6.2.x86_64.rpm
    pidgin-2.7.9-5.el6.2.x86_64.rpm
    pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm
    pidgin-debuginfo-2.7.9-5.el6.2.x86_64.rpm
    pidgin-devel-2.7.9-5.el6.2.i686.rpm
    pidgin-devel-2.7.9-5.el6.2.x86_64.rpm
    pidgin-docs-2.7.9-5.el6.2.x86_64.rpm
    pidgin-perl-2.7.9-5.el6.2.x86_64.rpm

- Scientific Linux Development Team
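
An added example, not part of the original advisory or of Scientific Linux tooling: a check that flags installed packages older than the fixed builds listed above. It assumes input lines in name-version-release.arch form (for instance from `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'`); the function names, the simplified version comparison and the sample lines are constructed for illustration.

```python
import re

# Fixed version-release per dist tag, copied from the advisory's package list.
FIXED = {"el5": "2.6.6-11.el5.4", "el6": "2.7.9-5.el6.2"}
# Binary package names that appear in the advisory.
NAMES = {"finch", "finch-devel", "libpurple", "libpurple-devel", "libpurple-perl",
         "libpurple-tcl", "pidgin", "pidgin-debuginfo", "pidgin-devel",
         "pidgin-docs", "pidgin-perl"}
NVRA = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")

def rpm_vercmp(a, b):
    """Simplified rpmvercmp: digit runs compare numerically, letter runs
    lexically, a digit run beats a letter run. No epoch, '~' or '^' handling."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def unpatched(rpm_lines):
    """Return the name-version-release.arch lines older than the fixed build."""
    stale = []
    for line in map(str.strip, rpm_lines):
        m = NVRA.match(line)
        tag = re.search(r"\.(el\d+)", m["rel"]) if m else None
        if not m or m["name"] not in NAMES or not tag or tag[1] not in FIXED:
            continue
        fixed_ver, fixed_rel = FIXED[tag[1]].split("-")
        order = rpm_vercmp(m["ver"], fixed_ver) or rpm_vercmp(m["rel"], fixed_rel)
        if order < 0:
            stale.append(line)
    return stale

# Constructed sample input (not taken from a real host).
SAMPLE = """\
pidgin-2.6.6-5.el5.i386
libpurple-2.6.6-11.el5.4.i386
libpurple-perl-2.7.9-5.el6.x86_64
finch-2.7.9-5.el6.2.x86_64
pidgin-otr-3.2.0-5.el6.x86_64
""".splitlines()

if __name__ == "__main__":
    for pkg in unpatched(SAMPLE):
        print("needs update:", pkg)
```

The release field is compared segment by segment because a plain string comparison would rank release 5 above release 11.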

