RHSA-2008:0584: Important: pidgin security and bug fix update
First published: Wed Jul 09 2008(Updated: )
Pidgin is a multi-protocol Internet Messaging client.<br>An integer overflow flaw was found in Pidgin's MSN protocol handler. If a<br>user received a malicious MSN message, it was possible to execute arbitrary<br>code with the permissions of the user running Pidgin. (CVE-2008-2927)<br>Note: the default Pidgin privacy setting only allows messages from users in<br>the buddy list. This prevents arbitrary MSN users from exploiting this<br>flaw.<br>This update also addresses the following bug:<br><li> when attempting to connect to the ICQ network, Pidgin would fail to</li> connect, present an alert saying the "The client version you are using is<br>too old", and de-activate the ICQ account. This update restores Pidgin's<br>ability to connect to the ICQ network.<br>All Pidgin users should upgrade to these updated packages, which contain<br>backported patches to resolve these issues.<br>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/pidgin | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/finch | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/finch | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/finch-devel | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/finch-devel | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/libpurple | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/libpurple | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/libpurple-devel | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/libpurple-devel | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/libpurple-perl | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/libpurple-tcl | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/pidgin | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/pidgin-devel | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/pidgin-devel | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/pidgin-perl | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/libpurple-perl | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/libpurple-tcl | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/pidgin-perl | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
| redhat/pidgin | <1.5.1-2.el4 | 1.5.1-2.el4 |
| redhat/pidgin | <1.5.1-2.el4 | 1.5.1-2.el4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=453634
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=453764
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=453773
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=453774
- http://www.redhat.com/security/updates/classification/#important
- https://access.redhat.com/errata/RHSA-2008:0584 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2008:0584
- agent/software-canonical-lookup
- package-manager/redhat