Oval Definition:oval:com.redhat.rhsa:def:20111821
Revision Date:2011-12-14Version:634
Title:RHSA-2011:1821: pidgin security update (Moderate)
Description:Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

  • An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime (OSCAR) protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted OSCAR message. (CVE-2011-4601)

  • Multiple NULL pointer dereference flaws were found in the Jingle extension of the Extensible Messaging and Presence Protocol (XMPP) protocol plug-in in Pidgin. A remote attacker could use these flaws to crash Pidgin via a specially-crafted Jingle multimedia message. (CVE-2011-4602)

    Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Evgeny Boger as the original reporter of CVE-2011-4601, and Thijs Alkemade as the original reporter of CVE-2011-4602.

    All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2011-4601
    CVE-2011-4601
    CVE-2011-4602
    CVE-2011-4602
    RHSA-2011:1821
    RHSA-2011:1821-01
    RHSA-2011:1821-01
    Platform(s):Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • finch is earlier than 0:2.7.9-3.el6.2
  • AND finch is signed with Red Hat redhatrelease2 key
  • finch-devel is earlier than 0:2.7.9-3.el6.2
  • AND finch-devel is signed with Red Hat redhatrelease2 key
  • libpurple is earlier than 0:2.7.9-3.el6.2
  • AND libpurple is signed with Red Hat redhatrelease2 key
  • libpurple-devel is earlier than 0:2.7.9-3.el6.2
  • AND libpurple-devel is signed with Red Hat redhatrelease2 key
  • libpurple-perl is earlier than 0:2.7.9-3.el6.2
  • AND libpurple-perl is signed with Red Hat redhatrelease2 key
  • libpurple-tcl is earlier than 0:2.7.9-3.el6.2
  • AND libpurple-tcl is signed with Red Hat redhatrelease2 key
  • pidgin is earlier than 0:2.7.9-3.el6.2
  • AND pidgin is signed with Red Hat redhatrelease2 key
  • pidgin-devel is earlier than 0:2.7.9-3.el6.2
  • AND pidgin-devel is signed with Red Hat redhatrelease2 key
  • pidgin-docs is earlier than 0:2.7.9-3.el6.2
  • AND pidgin-docs is signed with Red Hat redhatrelease2 key
  • pidgin-perl is earlier than 0:2.7.9-3.el6.2
  • AND pidgin-perl is signed with Red Hat redhatrelease2 key
  • BACK