Oval Definition:oval:com.redhat.rhsa:def:20080584
Revision Date:2008-07-09Version:635
Title:RHSA-2008:0584: pidgin security and bug fix update (Important)
Description:Pidgin is a multi-protocol Internet Messaging client.

  • An integer overflow flaw was found in Pidgin's MSN protocol handler. If a user received a malicious MSN message, it was possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2008-2927)

    Note: the default Pidgin privacy setting only allows messages from users in the buddy list. This prevents arbitrary MSN users from exploiting this flaw.

    This update also addresses the following bug:

    when attempting to connect to the ICQ network, Pidgin would fail to connect, present an alert saying the "The client version you are using is too old", and de-activate the ICQ account. This update restores Pidgin's ability to connect to the ICQ network.

    All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2008-2927
    RHSA-2008:0584
    RHSA-2008:0584-01
    RHSA-2008:0584-01
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND pidgin is earlier than 0:1.5.1-2.el3
  • AND pidgin is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND pidgin is earlier than 0:1.5.1-2.el4
  • AND pidgin is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • finch is earlier than 0:2.3.1-2.el5_2
  • AND finch is signed with Red Hat redhatrelease key
  • libpurple is earlier than 0:2.3.1-2.el5_2
  • AND libpurple is signed with Red Hat redhatrelease key
  • finch-devel is earlier than 0:2.3.1-2.el5_2
  • AND finch-devel is signed with Red Hat redhatrelease key
  • pidgin is earlier than 0:2.3.1-2.el5_2
  • AND pidgin is signed with Red Hat redhatrelease key
  • libpurple-tcl is earlier than 0:2.3.1-2.el5_2
  • AND libpurple-tcl is signed with Red Hat redhatrelease key
  • libpurple-perl is earlier than 0:2.3.1-2.el5_2
  • AND libpurple-perl is signed with Red Hat redhatrelease key
  • pidgin-perl is earlier than 0:2.3.1-2.el5_2
  • AND pidgin-perl is signed with Red Hat redhatrelease key
  • pidgin-devel is earlier than 0:2.3.1-2.el5_2
  • AND pidgin-devel is signed with Red Hat redhatrelease key
  • libpurple-devel is earlier than 0:2.3.1-2.el5_2
  • AND libpurple-devel is signed with Red Hat redhatrelease key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND pidgin is earlier than 0:1.5.1-2.el4
  • AND pidgin is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • finch is earlier than 0:2.3.1-2.el5_2
  • AND finch is signed with Red Hat redhatrelease2 key
  • finch-devel is earlier than 0:2.3.1-2.el5_2
  • AND finch-devel is signed with Red Hat redhatrelease2 key
  • libpurple is earlier than 0:2.3.1-2.el5_2
  • AND libpurple is signed with Red Hat redhatrelease2 key
  • libpurple-devel is earlier than 0:2.3.1-2.el5_2
  • AND libpurple-devel is signed with Red Hat redhatrelease2 key
  • libpurple-perl is earlier than 0:2.3.1-2.el5_2
  • AND libpurple-perl is signed with Red Hat redhatrelease2 key
  • libpurple-tcl is earlier than 0:2.3.1-2.el5_2
  • AND libpurple-tcl is signed with Red Hat redhatrelease2 key
  • pidgin is earlier than 0:2.3.1-2.el5_2
  • AND pidgin is signed with Red Hat redhatrelease2 key
  • pidgin-devel is earlier than 0:2.3.1-2.el5_2
  • AND pidgin-devel is signed with Red Hat redhatrelease2 key
  • pidgin-perl is earlier than 0:2.3.1-2.el5_2
  • AND pidgin-perl is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND pidgin is earlier than 0:1.5.1-2.el3
  • AND pidgin is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND pidgin is earlier than 0:1.5.1-2.el4
  • AND pidgin is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • finch is earlier than 0:2.3.1-2.el5_2
  • AND finch is signed with Red Hat redhatrelease key
  • finch-devel is earlier than 0:2.3.1-2.el5_2
  • AND finch-devel is signed with Red Hat redhatrelease key
  • libpurple is earlier than 0:2.3.1-2.el5_2
  • AND libpurple is signed with Red Hat redhatrelease key
  • libpurple-devel is earlier than 0:2.3.1-2.el5_2
  • AND libpurple-devel is signed with Red Hat redhatrelease key
  • libpurple-perl is earlier than 0:2.3.1-2.el5_2
  • AND libpurple-perl is signed with Red Hat redhatrelease key
  • libpurple-tcl is earlier than 0:2.3.1-2.el5_2
  • AND libpurple-tcl is signed with Red Hat redhatrelease key
  • pidgin is earlier than 0:2.3.1-2.el5_2
  • AND pidgin is signed with Red Hat redhatrelease key
  • pidgin-devel is earlier than 0:2.3.1-2.el5_2
  • AND pidgin-devel is signed with Red Hat redhatrelease key
  • pidgin-perl is earlier than 0:2.3.1-2.el5_2
  • AND pidgin-perl is signed with Red Hat redhatrelease key
    • BACK