From Mageia wiki
Jump to: navigation, search

MGASA-2012-0109-2

Date: June 10th, 2012
Affected releases: 1


Description:
Updated pidgin packages fix security vulnerabilities:

A series of specially crafted file transfer requests can cause clients
to reference invalid memory. The user must have accepted one of the file
transfer requests (CVE-2012-2214).

Incoming messages with certain characters or character encodings can
cause clients to crash (CVE-2012-2318).

UPDATE:
This advisory is updated to correct text errors that incorrectly
listed the updated packages as affected ones.


Updated Packages:
pidgin-2.10.4-1.mga1
pidgin-bonjour-2.10.4-1.mga1
pidgin-client-2.10.4-1.mga1
pidgin-i18n-2.10.4-1.mga1
pidgin-meanwhile-2.10.4-1.mga1
pidgin-perl-2.10.4-1.mga1
pidgin-plugins-2.10.4-1.mga1
pidgin-silc-2.10.4-1.mga1
pidgin-tcl-2.10.4-1.mga1
lib(64)finch0-2.10.4-1.mga1
lib(64)purple0-2.10.4-1.mga1
lib(64)purple-devel-2.10.4-1.mga1
finch-2.10.4-1.mga1


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2318
http://pidgin.im/news/security/?id=62
http://pidgin.im/news/security/?id=63
https://bugs.mageia.org/show_bug.cgi?id=5624