MGASA-2012-0109-2
Date: | June 10th, 2012 |
Affected releases: | 1 |
Description:
Updated pidgin packages fix security vulnerabilities:
A series of specially crafted file transfer requests can cause clients
to reference invalid memory. The user must have accepted one of the file
transfer requests (CVE-2012-2214).
Incoming messages with certain characters or character encodings can
cause clients to crash (CVE-2012-2318).
UPDATE:
This advisory is updated to correct text errors that incorrectly
listed the updated packages as affected ones.
Updated Packages:
pidgin-2.10.4-1.mga1
pidgin-bonjour-2.10.4-1.mga1
pidgin-client-2.10.4-1.mga1
pidgin-i18n-2.10.4-1.mga1
pidgin-meanwhile-2.10.4-1.mga1
pidgin-perl-2.10.4-1.mga1
pidgin-plugins-2.10.4-1.mga1
pidgin-silc-2.10.4-1.mga1
pidgin-tcl-2.10.4-1.mga1
lib(64)finch0-2.10.4-1.mga1
lib(64)purple0-2.10.4-1.mga1
lib(64)purple-devel-2.10.4-1.mga1
finch-2.10.4-1.mga1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2318
http://pidgin.im/news/security/?id=62
http://pidgin.im/news/security/?id=63
https://bugs.mageia.org/show_bug.cgi?id=5624