(RHSA-2013:0646) Moderate: pidgin security update

2013-03-1400:00:00

access.redhat.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

87.1%

JSON

Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

A stack-based buffer overflow flaw was found in the Pidgin MXit protocol
plug-in. A malicious server or a remote attacker could use this flaw to
crash Pidgin by sending a specially-crafted HTTP request. (CVE-2013-0272)

A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in.
A malicious server or a remote attacker could use this flaw to crash Pidgin
by sending a specially-crafted username. (CVE-2013-0273)

A buffer overflow flaw was found in the way Pidgin processed certain UPnP
responses. A remote attacker could send a specially-crafted UPnP response
that, when processed, would crash Pidgin. (CVE-2013-0274)

Red Hat would like to thank the Pidgin project for reporting the above
issues. Upstream acknowledges Daniel Atallah as the original reporter of
CVE-2013-0272.

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat6x86_64libpurple< 2.7.9-10.el6_4.1libpurple-2.7.9-10.el6_4.1.x86_64.rpm
RedHat5i386pidgin< 2.6.6-17.el5_9.1pidgin-2.6.6-17.el5_9.1.i386.rpm
RedHat6ppcpidgin-debuginfo< 2.7.9-10.el6_4.1pidgin-debuginfo-2.7.9-10.el6_4.1.ppc.rpm
RedHat5x86_64libpurple-perl< 2.6.6-17.el5_9.1libpurple-perl-2.6.6-17.el5_9.1.x86_64.rpm
RedHat6srcpidgin< 2.7.9-10.el6_4.1pidgin-2.7.9-10.el6_4.1.src.rpm
RedHat5x86_64libpurple-tcl< 2.6.6-17.el5_9.1libpurple-tcl-2.6.6-17.el5_9.1.x86_64.rpm
RedHat6x86_64libpurple-tcl< 2.7.9-10.el6_4.1libpurple-tcl-2.7.9-10.el6_4.1.x86_64.rpm
RedHat6ppc64pidgin-devel< 2.7.9-10.el6_4.1pidgin-devel-2.7.9-10.el6_4.1.ppc64.rpm
RedHat6i686finch< 2.7.9-10.el6_4.1finch-2.7.9-10.el6_4.1.i686.rpm
RedHat5i386libpurple-tcl< 2.6.6-17.el5_9.1libpurple-tcl-2.6.6-17.el5_9.1.i386.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	x86_64	libpurple	< 2.7.9-10.el6_4.1	libpurple-2.7.9-10.el6_4.1.x86_64.rpm
RedHat	5	i386	pidgin	< 2.6.6-17.el5_9.1	pidgin-2.6.6-17.el5_9.1.i386.rpm
RedHat	6	ppc	pidgin-debuginfo	< 2.7.9-10.el6_4.1	pidgin-debuginfo-2.7.9-10.el6_4.1.ppc.rpm
RedHat	5	x86_64	libpurple-perl	< 2.6.6-17.el5_9.1	libpurple-perl-2.6.6-17.el5_9.1.x86_64.rpm
RedHat	6	src	pidgin	< 2.7.9-10.el6_4.1	pidgin-2.7.9-10.el6_4.1.src.rpm
RedHat	5	x86_64	libpurple-tcl	< 2.6.6-17.el5_9.1	libpurple-tcl-2.6.6-17.el5_9.1.x86_64.rpm
RedHat	6	x86_64	libpurple-tcl	< 2.7.9-10.el6_4.1	libpurple-tcl-2.7.9-10.el6_4.1.x86_64.rpm
RedHat	6	ppc64	pidgin-devel	< 2.7.9-10.el6_4.1	pidgin-devel-2.7.9-10.el6_4.1.ppc64.rpm
RedHat	6	i686	finch	< 2.7.9-10.el6_4.1	finch-2.7.9-10.el6_4.1.i686.rpm
RedHat	5	i386	libpurple-tcl	< 2.6.6-17.el5_9.1	libpurple-tcl-2.6.6-17.el5_9.1.i386.rpm