CentOS ProjectCESA-2008:0584finch, libpurple, pidgin security update
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.107 Low
EPSS
Percentile
95.0%
CentOS Errata and Security Advisory CESA-2008:0584
Pidgin is a multi-protocol Internet Messaging client.
An integer overflow flaw was found in Pidgin’s MSN protocol handler. If a
user received a malicious MSN message, it was possible to execute arbitrary
code with the permissions of the user running Pidgin. (CVE-2008-2927)
Note: the default Pidgin privacy setting only allows messages from users in
the buddy list. This prevents arbitrary MSN users from exploiting this
flaw.
This update also addresses the following bug:
- when attempting to connect to the ICQ network, Pidgin would fail to
connect, present an alert saying the “The client version you are using is
too old”, and de-activate the ICQ account. This update restores Pidgin’s
ability to connect to the ICQ network.
All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-July/077247.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077248.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077254.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077255.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077257.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077258.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077260.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077261.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077268.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077269.html
Affected packages:
finch
finch-devel
libpurple
libpurple-devel
libpurple-perl
libpurple-tcl
pidgin
pidgin-devel
pidgin-perl
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0584
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 3 | i386 | pidgin | < 1.5.1-2.el3 | pidgin-1.5.1-2.el3.i386.rpm |
| CentOS | 3 | x86_64 | pidgin | < 1.5.1-2.el3 | pidgin-1.5.1-2.el3.x86_64.rpm |
| CentOS | 3 | ia64 | pidgin | < 1.5.1-2.el3 | pidgin-1.5.1-2.el3.ia64.rpm |
| CentOS | 4 | ia64 | pidgin | < 1.5.1-2.el4 | pidgin-1.5.1-2.el4.ia64.rpm |
| CentOS | 3 | s390 | pidgin | < 1.5.1-2.el3 | pidgin-1.5.1-2.el3.s390.rpm |
| CentOS | 3 | s390x | pidgin | < 1.5.1-2.el3 | pidgin-1.5.1-2.el3.s390x.rpm |
| CentOS | 4 | s390 | pidgin | < 1.5.1-2.el4 | pidgin-1.5.1-2.el4.s390.rpm |
| CentOS | 4 | s390x | pidgin | < 1.5.1-2.el4 | pidgin-1.5.1-2.el4.s390x.rpm |
| CentOS | 5 | i386 | finch | < 2.3.1-2.el5_2 | finch-2.3.1-2.el5_2.i386.rpm |
| CentOS | 5 | i386 | finch-devel | < 2.3.1-2.el5_2 | finch-devel-2.3.1-2.el5_2.i386.rpm |
Related
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.107 Low
EPSS
Percentile
95.0%