CentOS ProjectCESA-2010:0044finch, libpurple, pidgin security update
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.072 Low
EPSS
Percentile
94.0%
CentOS Errata and Security Advisory CESA-2010:0044
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.
A directory traversal flaw was discovered in Pidgin’s MSN protocol
implementation. A remote attacker could send a specially-crafted emoticon
image download request that would cause Pidgin to disclose an arbitrary
file readable to the user running Pidgin. (CVE-2010-0013)
These packages upgrade Pidgin to version 2.6.5. Refer to the Pidgin release
notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog
All Pidgin users should upgrade to these updated packages, which correct
this issue. Pidgin must be restarted for this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-January/078609.html
https://lists.centos.org/pipermail/centos-announce/2010-January/078610.html
https://lists.centos.org/pipermail/centos-announce/2010-January/078627.html
https://lists.centos.org/pipermail/centos-announce/2010-January/078628.html
Affected packages:
finch
finch-devel
libpurple
libpurple-devel
libpurple-perl
libpurple-tcl
pidgin
pidgin-devel
pidgin-perl
Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0044
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 5 | i386 | finch | < 2.6.5-1.el5 | finch-2.6.5-1.el5.i386.rpm |
| CentOS | 5 | x86_64 | finch | < 2.6.5-1.el5 | finch-2.6.5-1.el5.x86_64.rpm |
| CentOS | 5 | i386 | finch-devel | < 2.6.5-1.el5 | finch-devel-2.6.5-1.el5.i386.rpm |
| CentOS | 5 | x86_64 | finch-devel | < 2.6.5-1.el5 | finch-devel-2.6.5-1.el5.x86_64.rpm |
| CentOS | 5 | i386 | libpurple | < 2.6.5-1.el5 | libpurple-2.6.5-1.el5.i386.rpm |
| CentOS | 5 | x86_64 | libpurple | < 2.6.5-1.el5 | libpurple-2.6.5-1.el5.x86_64.rpm |
| CentOS | 5 | i386 | libpurple-devel | < 2.6.5-1.el5 | libpurple-devel-2.6.5-1.el5.i386.rpm |
| CentOS | 5 | x86_64 | libpurple-devel | < 2.6.5-1.el5 | libpurple-devel-2.6.5-1.el5.x86_64.rpm |
| CentOS | 5 | x86_64 | libpurple-perl | < 2.6.5-1.el5 | libpurple-perl-2.6.5-1.el5.x86_64.rpm |
| CentOS | 5 | x86_64 | libpurple-tcl | < 2.6.5-1.el5 | libpurple-tcl-2.6.5-1.el5.x86_64.rpm |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.072 Low
EPSS
Percentile
94.0%