Oval Definition:oval:com.redhat.rhsa:def:20130646
Revision Date:2013-03-14Version:636
Title:RHSA-2013:0646: pidgin security update (Moderate)
Description:Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

  • A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request. (CVE-2013-0272)

  • A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username. (CVE-2013-0273)

  • A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially-crafted UPnP response that, when processed, would crash Pidgin. (CVE-2013-0274)

    Red Hat would like to thank the Pidgin project for reporting the above issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2013-0272.

    All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2013-0272
    CVE-2013-0272
    CVE-2013-0273
    CVE-2013-0273
    CVE-2013-0274
    CVE-2013-0274
    RHSA-2013:0646
    RHSA-2013:0646-01
    RHSA-2013:0646-01
    Platform(s):Red Hat Enterprise Linux 5
    Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • finch is earlier than 0:2.6.6-17.el5_9.1
  • AND finch is signed with Red Hat redhatrelease2 key
  • finch-devel is earlier than 0:2.6.6-17.el5_9.1
  • AND finch-devel is signed with Red Hat redhatrelease2 key
  • libpurple is earlier than 0:2.6.6-17.el5_9.1
  • AND libpurple is signed with Red Hat redhatrelease2 key
  • libpurple-devel is earlier than 0:2.6.6-17.el5_9.1
  • AND libpurple-devel is signed with Red Hat redhatrelease2 key
  • libpurple-perl is earlier than 0:2.6.6-17.el5_9.1
  • AND libpurple-perl is signed with Red Hat redhatrelease2 key
  • libpurple-tcl is earlier than 0:2.6.6-17.el5_9.1
  • AND libpurple-tcl is signed with Red Hat redhatrelease2 key
  • pidgin is earlier than 0:2.6.6-17.el5_9.1
  • AND pidgin is signed with Red Hat redhatrelease2 key
  • pidgin-devel is earlier than 0:2.6.6-17.el5_9.1
  • AND pidgin-devel is signed with Red Hat redhatrelease2 key
  • pidgin-perl is earlier than 0:2.6.6-17.el5_9.1
  • AND pidgin-perl is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • finch is earlier than 0:2.7.9-10.el6_4.1
  • AND finch is signed with Red Hat redhatrelease2 key
  • finch-devel is earlier than 0:2.7.9-10.el6_4.1
  • AND finch-devel is signed with Red Hat redhatrelease2 key
  • libpurple is earlier than 0:2.7.9-10.el6_4.1
  • AND libpurple is signed with Red Hat redhatrelease2 key
  • libpurple-devel is earlier than 0:2.7.9-10.el6_4.1
  • AND libpurple-devel is signed with Red Hat redhatrelease2 key
  • libpurple-perl is earlier than 0:2.7.9-10.el6_4.1
  • AND libpurple-perl is signed with Red Hat redhatrelease2 key
  • libpurple-tcl is earlier than 0:2.7.9-10.el6_4.1
  • AND libpurple-tcl is signed with Red Hat redhatrelease2 key
  • pidgin is earlier than 0:2.7.9-10.el6_4.1
  • AND pidgin is signed with Red Hat redhatrelease2 key
  • pidgin-devel is earlier than 0:2.7.9-10.el6_4.1
  • AND pidgin-devel is signed with Red Hat redhatrelease2 key
  • pidgin-docs is earlier than 0:2.7.9-10.el6_4.1
  • AND pidgin-docs is signed with Red Hat redhatrelease2 key
  • pidgin-perl is earlier than 0:2.7.9-10.el6_4.1
  • AND pidgin-perl is signed with Red Hat redhatrelease2 key
    • BACK