Oval Definition:oval:com.redhat.rhsa:def:20121102
Revision Date:2012-07-19Version:634
Title:RHSA-2012:1102: pidgin security update (Moderate)
Description:Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

  • A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN message. (CVE-2012-1178)

  • An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN notification message. (CVE-2012-2318)

  • A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A remote attacker could use this flaw to crash Pidgin by sending a MXit message containing specially-crafted emoticon tags. (CVE-2012-3374)

    Red Hat would like to thank the Pidgin project for reporting the CVE-2012-3374 issue. Upstream acknowledges Ulf Härnhammar as the original reporter of CVE-2012-3374.

    All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2012-1178
    CVE-2012-1178
    CVE-2012-2318
    CVE-2012-2318
    CVE-2012-3374
    CVE-2012-3374
    RHSA-2012:1102
    RHSA-2012:1102-01
    RHSA-2012:1102-01
    Platform(s):Red Hat Enterprise Linux 5
    Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • finch is earlier than 0:2.6.6-11.el5.4
  • AND finch is signed with Red Hat redhatrelease2 key
  • finch-devel is earlier than 0:2.6.6-11.el5.4
  • AND finch-devel is signed with Red Hat redhatrelease2 key
  • libpurple is earlier than 0:2.6.6-11.el5.4
  • AND libpurple is signed with Red Hat redhatrelease2 key
  • libpurple-devel is earlier than 0:2.6.6-11.el5.4
  • AND libpurple-devel is signed with Red Hat redhatrelease2 key
  • libpurple-perl is earlier than 0:2.6.6-11.el5.4
  • AND libpurple-perl is signed with Red Hat redhatrelease2 key
  • libpurple-tcl is earlier than 0:2.6.6-11.el5.4
  • AND libpurple-tcl is signed with Red Hat redhatrelease2 key
  • pidgin is earlier than 0:2.6.6-11.el5.4
  • AND pidgin is signed with Red Hat redhatrelease2 key
  • pidgin-devel is earlier than 0:2.6.6-11.el5.4
  • AND pidgin-devel is signed with Red Hat redhatrelease2 key
  • pidgin-perl is earlier than 0:2.6.6-11.el5.4
  • AND pidgin-perl is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • finch is earlier than 0:2.7.9-5.el6.2
  • AND finch is signed with Red Hat redhatrelease2 key
  • finch-devel is earlier than 0:2.7.9-5.el6.2
  • AND finch-devel is signed with Red Hat redhatrelease2 key
  • libpurple is earlier than 0:2.7.9-5.el6.2
  • AND libpurple is signed with Red Hat redhatrelease2 key
  • libpurple-devel is earlier than 0:2.7.9-5.el6.2
  • AND libpurple-devel is signed with Red Hat redhatrelease2 key
  • libpurple-perl is earlier than 0:2.7.9-5.el6.2
  • AND libpurple-perl is signed with Red Hat redhatrelease2 key
  • libpurple-tcl is earlier than 0:2.7.9-5.el6.2
  • AND libpurple-tcl is signed with Red Hat redhatrelease2 key
  • pidgin is earlier than 0:2.7.9-5.el6.2
  • AND pidgin is signed with Red Hat redhatrelease2 key
  • pidgin-devel is earlier than 0:2.7.9-5.el6.2
  • AND pidgin-devel is signed with Red Hat redhatrelease2 key
  • pidgin-docs is earlier than 0:2.7.9-5.el6.2
  • AND pidgin-docs is signed with Red Hat redhatrelease2 key
  • pidgin-perl is earlier than 0:2.7.9-5.el6.2
  • AND pidgin-perl is signed with Red Hat redhatrelease2 key
    • BACK