Package name: pidgin
Date: 2013-03-14
Advisory ID: MDVSA-2013:025
Affected versions: MES5 i586, MES5 x86_64

Problem description

Multiple vulnerabilities have been discovered and corrected in pidgin:

The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might
allow remote attackers to create or overwrite files via a crafted
(1) mxit or (2) mxit/imagestrips pathname (CVE-2013-0271).

Buffer overflow in http.c in the MXit protocol plugin in libpurple
in Pidgin before 2.10.7 allows remote servers to execute arbitrary
code via a long HTTP header (CVE-2013-0272).

sametime.c in the Sametime protocol plugin in libpurple in Pidgin
before 2.10.7 does not properly terminate long user IDs, which allows
remote servers to cause a denial of service (application crash)
via a crafted packet (CVE-2013-0273).

upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate
long strings in UPnP responses, which allows remote attackers to
cause a denial of service (application crash) by leveraging access
to the local network (CVE-2013-0274).

This update provides pidgin 2.10.7, which is not vulnerable to
these issues.

Updated packages

MES5 i586

 4eb267f970ddb2ad4d62321c269d4a9b  mes5/i586/finch-2.10.7-0.1mdvmes5.2.i586.rpm
 e21539113c76768f5d2e0a0a4a9f6cbc  mes5/i586/libfinch0-2.10.7-0.1mdvmes5.2.i586.rpm
 19fcd2343bc5a28cfac82570047dabc8  mes5/i586/libpurple0-2.10.7-0.1mdvmes5.2.i586.rpm
 1d1ec13029069d2e5670ecd9e5c2c084  mes5/i586/libpurple-devel-2.10.7-0.1mdvmes5.2.i586.rpm
 24f8bc13c74be1366165f8c04d4b67ac  mes5/i586/pidgin-2.10.7-0.1mdvmes5.2.i586.rpm
 fe6749ec8865e5cc96b16ddce0606e25  mes5/i586/pidgin-bonjour-2.10.7-0.1mdvmes5.2.i586.rpm
 76f84decf6d5834037ccf6b9ed4c68d9  mes5/i586/pidgin-client-2.10.7-0.1mdvmes5.2.i586.rpm
 41f63fd40174df1160a63ef44d881c3c  mes5/i586/pidgin-gevolution-2.10.7-0.1mdvmes5.2.i586.rpm
 936c150819cd7e8ac19e5f2d02bb684d  mes5/i586/pidgin-i18n-2.10.7-0.1mdvmes5.2.i586.rpm
 7c1d22d3777f7c49f7d49b09a1d43811  mes5/i586/pidgin-meanwhile-2.10.7-0.1mdvmes5.2.i586.rpm
 ca57564f29f191f3bae55c9ce6255234  mes5/i586/pidgin-perl-2.10.7-0.1mdvmes5.2.i586.rpm
 1882da3624a8dc8e27a51f3c867dbc88  mes5/i586/pidgin-plugins-2.10.7-0.1mdvmes5.2.i586.rpm
 37ee0fe3a08d109f069de07f8a218f27  mes5/i586/pidgin-silc-2.10.7-0.1mdvmes5.2.i586.rpm
 4d8bbdce9ce0e3b1ec663f4df384c70b  mes5/i586/pidgin-tcl-2.10.7-0.1mdvmes5.2.i586.rpm 
 d8390c286670e49deee241267eb5070e  mes5/SRPMS/pidgin-2.10.7-0.1mdvmes5.2.src.rpm

MES5 x86_64

 00fb4dc53fd8cbf056d493ca75231d1c  mes5/x86_64/finch-2.10.7-0.1mdvmes5.2.x86_64.rpm
 f0a81cae3067ba8fa47f603af718e1bd  mes5/x86_64/lib64finch0-2.10.7-0.1mdvmes5.2.x86_64.rpm
 d50e2f1821a4912639b20fa678d4538b  mes5/x86_64/lib64purple0-2.10.7-0.1mdvmes5.2.x86_64.rpm
 5a73a3d942a97d581a5b89bfcc550be3  mes5/x86_64/lib64purple-devel-2.10.7-0.1mdvmes5.2.x86_64.rpm
 337ca23774f09a1f6e60d02ba1bdef3f  mes5/x86_64/pidgin-2.10.7-0.1mdvmes5.2.x86_64.rpm
 49d7a34e3af48fbf49d59a8dad1ca3fb  mes5/x86_64/pidgin-bonjour-2.10.7-0.1mdvmes5.2.x86_64.rpm
 53099ab83b0f4351d3668e2f84e6d2fa  mes5/x86_64/pidgin-client-2.10.7-0.1mdvmes5.2.x86_64.rpm
 31dc403c7863624346efaaa46027b3d1  mes5/x86_64/pidgin-gevolution-2.10.7-0.1mdvmes5.2.x86_64.rpm
 1ae8ab836a6caffa77b99fe6e5de31ae  mes5/x86_64/pidgin-i18n-2.10.7-0.1mdvmes5.2.x86_64.rpm
 beea935bc761483e50e5ec60bfeaa2a5  mes5/x86_64/pidgin-meanwhile-2.10.7-0.1mdvmes5.2.x86_64.rpm
 8d6abe0c106b5f9d24917cdad13ef668  mes5/x86_64/pidgin-perl-2.10.7-0.1mdvmes5.2.x86_64.rpm
 616204b1f131bf39fd77758765052286  mes5/x86_64/pidgin-plugins-2.10.7-0.1mdvmes5.2.x86_64.rpm
 60ef462c8b8f28b4280169a6bac8d22f  mes5/x86_64/pidgin-silc-2.10.7-0.1mdvmes5.2.x86_64.rpm
 78026cbae2cfdb327d64ed6b6b3fcc51  mes5/x86_64/pidgin-tcl-2.10.7-0.1mdvmes5.2.x86_64.rpm 
 d8390c286670e49deee241267eb5070e  mes5/SRPMS/pidgin-2.10.7-0.1mdvmes5.2.src.rpm
