ELSA-2013-0646 -- Oracle pidgin
ID: oval:org.secpod.oval:def:1500125 | Date: created 2013-03-21, modified 2017-09-22
Class: PATCH | Family: unix
Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request.

A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username.

A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially-crafted UPnP response that, when processed, would crash Pidgin.

Red Hat would like to thank the Pidgin project for reporting the above issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2013-0272.

All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.
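The last paragraph carries two checks a practitioner actually wants to automate: that the installed package is the backported fix, and that no running Pidgin still has the pre-update libraries mapped (the "must be restarted" caveat). The script below is an added example, not part of the advisory or of the Pidgin project. It relies on two things that are true of Red Hat style backports but are assumptions here: that the package %changelog cites the CVE being fixed, and that a process which still maps a library file replaced on disk shows that file as "(deleted)" in /proc/PID/maps. Only CVE-2013-0272 is named on this page, so it is the one checked; the changelog and maps text in the block are constructed samples, and the library paths are illustrative.

```shell
#!/bin/sh
# Added example (not from the advisory): check that the pidgin fix is
# installed and that no running pidgin still maps the old libraries.

# Return 0 if the supplied changelog text mentions the CVE, 1 otherwise.
# Assumption: the backport's %changelog entry cites the CVE id.
changelog_has_cve() {   # $1 = changelog text, $2 = CVE id
    printf '%s\n' "$1" | grep -q -F -- "$2"
}

# Return 0 if the supplied /proc/PID/maps text maps a file under the
# given path prefix that has been replaced on disk ("(deleted)"), which
# means the process is still executing the pre-update code.
maps_has_stale_lib() {  # $1 = maps text, $2 = path prefix (plain string)
    printf '%s\n' "$1" | grep -F -- "$2" | grep -q -F '(deleted)'
}

# Constructed sample data (not real package or process output).
SAMPLE_CHANGELOG='* Tue Mar 19 2013 Example Maintainer <maint@example.com>
- fix stack-based buffer overflow in MXit protocol plug-in (CVE-2013-0272)
- fix buffer overflow in Sametime protocol plug-in
- fix buffer overflow in UPnP response handling'

# A pidgin started before the update: the MXit plug-in it loaded has been
# replaced on disk, so the kernel marks the mapping "(deleted)".
SAMPLE_MAPS_STALE='7f0a2c000000-7f0a2c021000 r-xp 00000000 08:01 131073 /usr/lib64/purple-2/libmxit.so (deleted)
7f0a2c221000-7f0a2c222000 r--p 00021000 08:01 131073 /usr/lib64/purple-2/libmxit.so (deleted)
7f0a2d000000-7f0a2d0f0000 r-xp 00000000 08:01 131080 /usr/lib64/libpurple.so.0'

# A pidgin started after the update: every mapping refers to a live file.
SAMPLE_MAPS_FRESH='7f0a2c000000-7f0a2c021000 r-xp 00000000 08:01 131090 /usr/lib64/purple-2/libmxit.so
7f0a2d000000-7f0a2d0f0000 r-xp 00000000 08:01 131091 /usr/lib64/libpurple.so.0'

# Live check against the local system (rpm, pgrep and /proc are assumed
# to exist, as on RHEL/Oracle Linux 5 and 6). Not run unless asked for.
check_live_system() {
    cl=$(rpm -q --changelog pidgin 2>/dev/null) || { echo "pidgin is not installed"; return 0; }
    if changelog_has_cve "$cl" CVE-2013-0272; then
        echo "installed pidgin changelog cites CVE-2013-0272"
    else
        echo "installed pidgin changelog does not cite CVE-2013-0272: apply the update"
    fi
    for pid in $(pgrep -x pidgin 2>/dev/null); do
        maps=$(cat "/proc/$pid/maps" 2>/dev/null) || continue
        if maps_has_stale_lib "$maps" /usr/lib; then
            echo "pid $pid still maps replaced libraries: restart Pidgin"
        else
            echo "pid $pid runs the current libraries"
        fi
    done
}

[ "${1:-}" = "--live" ] && check_live_system
```

Run it as `sh check-pidgin.sh --live` on the target host; without the flag it only defines the functions and sample data. The "(deleted)" test is the same idea tools such as needs-restarting use, and it is the reliable way to find a Pidgin that was left running across the update, since the package version alone says nothing about what is loaded in memory.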