From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Moderate: pidgin on SL5.x, SL6.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Thursday 14th March 2013 21:07:21 UTC (over 3 years ago)
Synopsis:          Moderate: pidgin security update
Issue Date:        2013-03-14
CVE Numbers:       CVE-2013-0272
                    CVE-2013-0273
                    CVE-2013-0274
--

A stack-based buffer overflow flaw was found in the Pidgin MXit protocol
plug-in. A malicious server or a remote attacker could use this flaw to
crash Pidgin by sending a specially-crafted HTTP request. (CVE-2013-0272)

A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in.
A malicious server or a remote attacker could use this flaw to crash
Pidgin by sending a specially-crafted username. (CVE-2013-0273)

A buffer overflow flaw was found in the way Pidgin processed certain UPnP
responses. A remote attacker could send a specially-crafted UPnP response
that, when processed, would crash Pidgin. (CVE-2013-0274)

Pidgin must be restarted for this update to take effect.
--

SL5
   x86_64
     finch-2.6.6-17.el5_9.1.i386.rpm
     finch-2.6.6-17.el5_9.1.x86_64.rpm
     libpurple-2.6.6-17.el5_9.1.i386.rpm
     libpurple-2.6.6-17.el5_9.1.x86_64.rpm
     libpurple-perl-2.6.6-17.el5_9.1.x86_64.rpm
     libpurple-tcl-2.6.6-17.el5_9.1.x86_64.rpm
     pidgin-2.6.6-17.el5_9.1.i386.rpm
     pidgin-2.6.6-17.el5_9.1.x86_64.rpm
     pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm
     pidgin-debuginfo-2.6.6-17.el5_9.1.x86_64.rpm
     pidgin-perl-2.6.6-17.el5_9.1.x86_64.rpm
     finch-devel-2.6.6-17.el5_9.1.i386.rpm
     finch-devel-2.6.6-17.el5_9.1.x86_64.rpm
     libpurple-devel-2.6.6-17.el5_9.1.i386.rpm
     libpurple-devel-2.6.6-17.el5_9.1.x86_64.rpm
     pidgin-devel-2.6.6-17.el5_9.1.i386.rpm
     pidgin-devel-2.6.6-17.el5_9.1.x86_64.rpm
   i386
     finch-2.6.6-17.el5_9.1.i386.rpm
     libpurple-2.6.6-17.el5_9.1.i386.rpm
     libpurple-perl-2.6.6-17.el5_9.1.i386.rpm
     libpurple-tcl-2.6.6-17.el5_9.1.i386.rpm
     pidgin-2.6.6-17.el5_9.1.i386.rpm
     pidgin-debuginfo-2.6.6-17.el5_9.1.i386.rpm
     pidgin-perl-2.6.6-17.el5_9.1.i386.rpm
     finch-devel-2.6.6-17.el5_9.1.i386.rpm
     libpurple-devel-2.6.6-17.el5_9.1.i386.rpm
     pidgin-devel-2.6.6-17.el5_9.1.i386.rpm
SL6
   x86_64
     libpurple-2.7.9-10.el6_4.1.i686.rpm
     libpurple-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm
     pidgin-debuginfo-2.7.9-10.el6_4.1.x86_64.rpm
     finch-2.7.9-10.el6_4.1.i686.rpm
     finch-2.7.9-10.el6_4.1.x86_64.rpm
     finch-devel-2.7.9-10.el6_4.1.i686.rpm
     finch-devel-2.7.9-10.el6_4.1.x86_64.rpm
     libpurple-devel-2.7.9-10.el6_4.1.i686.rpm
     libpurple-devel-2.7.9-10.el6_4.1.x86_64.rpm
     libpurple-perl-2.7.9-10.el6_4.1.x86_64.rpm
     libpurple-tcl-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-devel-2.7.9-10.el6_4.1.i686.rpm
     pidgin-devel-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-docs-2.7.9-10.el6_4.1.x86_64.rpm
     pidgin-perl-2.7.9-10.el6_4.1.x86_64.rpm
   i386
     libpurple-2.7.9-10.el6_4.1.i686.rpm
     pidgin-2.7.9-10.el6_4.1.i686.rpm
     pidgin-debuginfo-2.7.9-10.el6_4.1.i686.rpm
     finch-2.7.9-10.el6_4.1.i686.rpm
     finch-devel-2.7.9-10.el6_4.1.i686.rpm
     libpurple-devel-2.7.9-10.el6_4.1.i686.rpm
     libpurple-perl-2.7.9-10.el6_4.1.i686.rpm
     libpurple-tcl-2.7.9-10.el6_4.1.i686.rpm
     pidgin-devel-2.7.9-10.el6_4.1.i686.rpm
     pidgin-docs-2.7.9-10.el6_4.1.i686.rpm
     pidgin-perl-2.7.9-10.el6_4.1.i686.rpm

- Scientific Linux Development Team
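
To check a host against the fixed builds listed above, the following added example (not part of the original advisory or of Scientific Linux tooling) compares installed version-release strings using rpm's segment-wise ordering. It assumes input produced by `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' pidgin libpurple finch`, assumes equal epochs, and omits rpm's tilde/caret rules; the function names and sample lines are constructed for illustration.

```python
import re

# Fixed version-release per distribution tag, copied from the package lists above.
FIXED = {"el5": "2.6.6-17.el5_9.1", "el6": "2.7.9-10.el6_4.1"}

def rpmvercmp(a, b):
    """Simplified rpm ordering: compare runs of digits or letters, left to right."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        xn, yn = x.isdigit(), y.isdigit()
        if xn and yn:
            if int(x) != int(y):          # numeric, not lexical: 10 > 9
                return 1 if int(x) > int(y) else -1
        elif xn != yn:
            return 1 if xn else -1        # a numeric segment beats an alphabetic one
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings; version decides first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(query_output):
    """Return (name, installed, fixed) for each package older than the fixed build."""
    stale = []
    for line in query_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or "-" not in parts[1]:
            continue                      # e.g. "package finch is not installed"
        name, vr = parts
        m = re.search(r"\.(el[56])", vr)  # pick the SL5 or SL6 baseline
        if m and evr_cmp(vr, FIXED[m.group(1)]) < 0:
            stale.append((name, vr, FIXED[m.group(1)]))
    return stale

# Constructed sample query output (not taken from a real host).
SAMPLE = """pidgin 2.6.6-17.el5_9.1
libpurple 2.6.6-11.el5.4
package finch is not installed
libpurple 2.7.9-5.el6.2
finch 2.7.9-11.el6"""

if __name__ == "__main__":
    for name, have, want in unpatched(SAMPLE):
        print(f"{name}: installed {have}, needs >= {want}")
```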
 