First published: Wed Jul 09 2008(Updated: )
Pidgin is a multi-protocol Internet Messaging client.<br>An integer overflow flaw was found in Pidgin's MSN protocol handler. If a<br>user received a malicious MSN message, it was possible to execute arbitrary<br>code with the permissions of the user running Pidgin. (CVE-2008-2927)<br>Note: the default Pidgin privacy setting only allows messages from users in<br>the buddy list. This prevents arbitrary MSN users from exploiting this<br>flaw.<br>This update also addresses the following bug:<br><li> when attempting to connect to the ICQ network, Pidgin would fail to</li> connect, present an alert saying the "The client version you are using is<br>too old", and de-activate the ICQ account. This update restores Pidgin's<br>ability to connect to the ICQ network.<br>All Pidgin users should upgrade to these updated packages, which contain<br>backported patches to resolve these issues.<br>
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/pidgin | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/finch | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/finch | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/finch-devel | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/finch-devel | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/libpurple | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/libpurple | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/libpurple-devel | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/libpurple-devel | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/libpurple-perl | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/libpurple-tcl | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/pidgin | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/pidgin-devel | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/pidgin-devel | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/pidgin-perl | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/libpurple-perl | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/libpurple-tcl | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/pidgin-perl | <2.3.1-2.el5_2 | 2.3.1-2.el5_2 |
redhat/pidgin | <1.5.1-2.el4 | 1.5.1-2.el4 |
redhat/pidgin | <1.5.1-2.el4 | 1.5.1-2.el4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.