Oval Definition: oval:com.redhat.rhsa:def:20100115
Revision Date: 2010-02-18
Version: 638
Title: RHSA-2010:0115: pidgin security update (Moderate)
Description: Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

  • An input sanitization flaw was found in the way Pidgin's MSN protocol implementation handled MSNSLP invitations. A remote attacker could send a specially-crafted INVITE request that would cause a denial of service (memory corruption and Pidgin crash). (CVE-2010-0277)

  • A denial of service flaw was found in Finch's XMPP chat implementation, when using multi-user chat. If a Finch user in a multi-user chat session were to change their nickname to contain the HTML "br" element, it would cause Finch to crash. (CVE-2010-0420)

    Red Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project for responsibly reporting the CVE-2010-0420 issue.

  • A denial of service flaw was found in the way Pidgin processed emoticon images. A remote attacker could flood the victim with emoticon images during mutual communication, leading to excessive CPU use. (CVE-2010-0423)

These packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin release notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog

All Pidgin users are advised to upgrade to these updated packages, which correct these issues. Pidgin must be restarted for this update to take effect.

Family: unix
Class: patch
Status:
Reference(s):
    CVE-2010-0277
    CVE-2010-0420
    CVE-2010-0423
    RHSA-2010:0115
    RHSA-2010:0115-01
Platform(s):
    Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
Product(s):

Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • finch is earlier than 0:2.6.6-1.el4
  • AND finch is signed with Red Hat redhatrelease2 key
  • finch-devel is earlier than 0:2.6.6-1.el4
  • AND finch-devel is signed with Red Hat redhatrelease2 key
  • libpurple is earlier than 0:2.6.6-1.el4
  • AND libpurple is signed with Red Hat redhatrelease2 key
  • libpurple-devel is earlier than 0:2.6.6-1.el4
  • AND libpurple-devel is signed with Red Hat redhatrelease2 key
  • libpurple-perl is earlier than 0:2.6.6-1.el4
  • AND libpurple-perl is signed with Red Hat redhatrelease2 key
  • libpurple-tcl is earlier than 0:2.6.6-1.el4
  • AND libpurple-tcl is signed with Red Hat redhatrelease2 key
  • pidgin is earlier than 0:2.6.6-1.el4
  • AND pidgin is signed with Red Hat redhatrelease2 key
  • pidgin-devel is earlier than 0:2.6.6-1.el4
  • AND pidgin-devel is signed with Red Hat redhatrelease2 key
  • pidgin-perl is earlier than 0:2.6.6-1.el4
  • AND pidgin-perl is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • finch is earlier than 0:2.6.6-1.el5
  • AND finch is signed with Red Hat redhatrelease2 key
  • finch-devel is earlier than 0:2.6.6-1.el5
  • AND finch-devel is signed with Red Hat redhatrelease2 key
  • libpurple is earlier than 0:2.6.6-1.el5
  • AND libpurple is signed with Red Hat redhatrelease2 key
  • libpurple-devel is earlier than 0:2.6.6-1.el5
  • AND libpurple-devel is signed with Red Hat redhatrelease2 key
  • libpurple-perl is earlier than 0:2.6.6-1.el5
  • AND libpurple-perl is signed with Red Hat redhatrelease2 key
  • libpurple-tcl is earlier than 0:2.6.6-1.el5
  • AND libpurple-tcl is signed with Red Hat redhatrelease2 key
  • pidgin is earlier than 0:2.6.6-1.el5
  • AND pidgin is signed with Red Hat redhatrelease2 key
  • pidgin-devel is earlier than 0:2.6.6-1.el5
  • AND pidgin-devel is signed with Red Hat redhatrelease2 key
  • pidgin-perl is earlier than 0:2.6.6-1.el5
  • AND pidgin-perl is signed with Red Hat redhatrelease2 key