Oval Definition:oval:com.redhat.rhsa:def:20111371
Revision Date:2011-10-14Version:642
Title:RHSA-2011:1371: pidgin security update (Moderate)
Description:Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

  • An input sanitization flaw was found in the way the Pidgin SILC (Secure Internet Live Conferencing) protocol plug-in escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message. (CVE-2011-3594)

  • Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use these flaws to crash Pidgin via a specially-crafted notification message. (CVE-2011-1091)

    Red Hat would like to thank the Pidgin project for reporting CVE-2011-1091. Upstream acknowledges Marius Wachtler as the original reporter of CVE-2011-1091.

    All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2011-1091
    CVE-2011-3594
    RHSA-2011:1371
    RHSA-2011:1371-01
    RHSA-2011:1371-01
    Platform(s):Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • finch is earlier than 0:2.6.6-7.el4
  • AND finch is signed with Red Hat redhatrelease2 key
  • finch-devel is earlier than 0:2.6.6-7.el4
  • AND finch-devel is signed with Red Hat redhatrelease2 key
  • libpurple is earlier than 0:2.6.6-7.el4
  • AND libpurple is signed with Red Hat redhatrelease2 key
  • libpurple-devel is earlier than 0:2.6.6-7.el4
  • AND libpurple-devel is signed with Red Hat redhatrelease2 key
  • libpurple-perl is earlier than 0:2.6.6-7.el4
  • AND libpurple-perl is signed with Red Hat redhatrelease2 key
  • libpurple-tcl is earlier than 0:2.6.6-7.el4
  • AND libpurple-tcl is signed with Red Hat redhatrelease2 key
  • pidgin is earlier than 0:2.6.6-7.el4
  • AND pidgin is signed with Red Hat redhatrelease2 key
  • pidgin-devel is earlier than 0:2.6.6-7.el4
  • AND pidgin-devel is signed with Red Hat redhatrelease2 key
  • pidgin-perl is earlier than 0:2.6.6-7.el4
  • AND pidgin-perl is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • finch is earlier than 0:2.6.6-5.el5_7.1
  • AND finch is signed with Red Hat redhatrelease2 key
  • finch-devel is earlier than 0:2.6.6-5.el5_7.1
  • AND finch-devel is signed with Red Hat redhatrelease2 key
  • libpurple is earlier than 0:2.6.6-5.el5_7.1
  • AND libpurple is signed with Red Hat redhatrelease2 key
  • libpurple-devel is earlier than 0:2.6.6-5.el5_7.1
  • AND libpurple-devel is signed with Red Hat redhatrelease2 key
  • libpurple-perl is earlier than 0:2.6.6-5.el5_7.1
  • AND libpurple-perl is signed with Red Hat redhatrelease2 key
  • libpurple-tcl is earlier than 0:2.6.6-5.el5_7.1
  • AND libpurple-tcl is signed with Red Hat redhatrelease2 key
  • pidgin is earlier than 0:2.6.6-5.el5_7.1
  • AND pidgin is signed with Red Hat redhatrelease2 key
  • pidgin-devel is earlier than 0:2.6.6-5.el5_7.1
  • AND pidgin-devel is signed with Red Hat redhatrelease2 key
  • pidgin-perl is earlier than 0:2.6.6-5.el5_7.1
  • AND pidgin-perl is signed with Red Hat redhatrelease2 key
    • BACK