Scientific Linux alert SL-pidg-20120719 (pidgin)
| From: | riehecky@fnal.gov | |
| To: | scientific-linux-errata@fnal.gov | |
| Subject: | Security ERRATA Moderate: pidgin on SL5.x, SL6.x i386/x86_64 | |
| Date: | Thu, 19 Jul 2012 16:08:52 -0500 | |
| Message-ID: | <201207192108.q6JL8qjW010291@fefmon2.fnal.gov> |
Synopsis: Moderate: pidgin security update Issue Date: 2012-07-19 CVE Numbers: CVE-2012-1178 CVE-2012-2318 CVE-2012-3374 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN message. (CVE-2012-1178) An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN notification message. (CVE-2012-2318) A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A remote attacker could use this flaw to crash Pidgin by sending a MXit message containing specially-crafted emoticon tags. (CVE-2012-3374) All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect. SL5: i386 finch-2.6.6-11.el5.4.i386.rpm finch-devel-2.6.6-11.el5.4.i386.rpm libpurple-2.6.6-11.el5.4.i386.rpm libpurple-devel-2.6.6-11.el5.4.i386.rpm libpurple-perl-2.6.6-11.el5.4.i386.rpm libpurple-tcl-2.6.6-11.el5.4.i386.rpm pidgin-2.6.6-11.el5.4.i386.rpm pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm pidgin-devel-2.6.6-11.el5.4.i386.rpm pidgin-perl-2.6.6-11.el5.4.i386.rpm x86_64 finch-2.6.6-11.el5.4.i386.rpm finch-2.6.6-11.el5.4.x86_64.rpm finch-devel-2.6.6-11.el5.4.i386.rpm finch-devel-2.6.6-11.el5.4.x86_64.rpm libpurple-2.6.6-11.el5.4.i386.rpm libpurple-2.6.6-11.el5.4.x86_64.rpm libpurple-devel-2.6.6-11.el5.4.i386.rpm libpurple-devel-2.6.6-11.el5.4.x86_64.rpm libpurple-perl-2.6.6-11.el5.4.x86_64.rpm libpurple-tcl-2.6.6-11.el5.4.x86_64.rpm pidgin-2.6.6-11.el5.4.i386.rpm pidgin-2.6.6-11.el5.4.x86_64.rpm pidgin-debuginfo-2.6.6-11.el5.4.i386.rpm pidgin-debuginfo-2.6.6-11.el5.4.x86_64.rpm pidgin-devel-2.6.6-11.el5.4.i386.rpm pidgin-devel-2.6.6-11.el5.4.x86_64.rpm pidgin-perl-2.6.6-11.el5.4.x86_64.rpm SL6: i386 finch-2.7.9-5.el6.2.i686.rpm finch-devel-2.7.9-5.el6.2.i686.rpm libpurple-2.7.9-5.el6.2.i686.rpm libpurple-devel-2.7.9-5.el6.2.i686.rpm libpurple-perl-2.7.9-5.el6.2.i686.rpm libpurple-tcl-2.7.9-5.el6.2.i686.rpm pidgin-2.7.9-5.el6.2.i686.rpm pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm pidgin-devel-2.7.9-5.el6.2.i686.rpm pidgin-docs-2.7.9-5.el6.2.i686.rpm pidgin-perl-2.7.9-5.el6.2.i686.rpm x86_64 finch-2.7.9-5.el6.2.i686.rpm finch-2.7.9-5.el6.2.x86_64.rpm finch-devel-2.7.9-5.el6.2.i686.rpm finch-devel-2.7.9-5.el6.2.x86_64.rpm libpurple-2.7.9-5.el6.2.i686.rpm libpurple-2.7.9-5.el6.2.x86_64.rpm libpurple-devel-2.7.9-5.el6.2.i686.rpm libpurple-devel-2.7.9-5.el6.2.x86_64.rpm libpurple-perl-2.7.9-5.el6.2.x86_64.rpm libpurple-tcl-2.7.9-5.el6.2.x86_64.rpm pidgin-2.7.9-5.el6.2.x86_64.rpm pidgin-debuginfo-2.7.9-5.el6.2.i686.rpm pidgin-debuginfo-2.7.9-5.el6.2.x86_64.rpm pidgin-devel-2.7.9-5.el6.2.i686.rpm pidgin-devel-2.7.9-5.el6.2.x86_64.rpm pidgin-docs-2.7.9-5.el6.2.x86_64.rpm pidgin-perl-2.7.9-5.el6.2.x86_64.rpm - Scientific Linux Development Team