MGASA-2012-0154
| Date: | July 10th, 2012 |
| Affected releases: | 1, 2 |
Description:
Pidgin version less than 2.10.5 contain a security vulnerability, which
will cause a buffer overflow when parsing incoming messages containing
inline images (CVE-2012-3374).
The packages in Mageia 1 and 2 have been updated to 2.10.6 to fix this
vulnerability.
Updated Packages:
Mageia 1:
pidgin-2.10.6-1.mga1
pidgin-bonjour-2.10.6-1.mga1
pidgin-client-2.10.6-1.mga1
pidgin-i18n-2.10.6-1.mga1
pidgin-meanwhile-2.10.6-1.mga1
pidgin-perl-2.10.6-1.mga1
pidgin-plugins-2.10.6-1.mga1
pidgin-silc-2.10.6-1.mga1
pidgin-tcl-2.10.6-1.mga1
finch-2.10.6-1.mga1
lib(64)finch0-2.10.6-1.mga1
lib(64)purple0-2.10.6-1.mga1
lib(64)purple-devel-2.10.6-1.mga1
Mageia 2:
pidgin-2.10.6-1.mga2
pidgin-bonjour-2.10.6-1.mga2
pidgin-client-2.10.6-1.mga2
pidgin-i18n-2.10.6-1.mga2
pidgin-meanwhile-2.10.6-1.mga2
pidgin-perl-2.10.6-1.mga2
pidgin-plugins-2.10.6-1.mga2
pidgin-silc-2.10.6-1.mga2
pidgin-tcl-2.10.6-1.mga2
finch-2.10.6-1.mga2
lib(64)finch0-2.10.6-1.mga2
lib(64)purple0-2.10.6-1.mga2
lib(64)purple-devel-2.10.6-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3374
http://www.pidgin.im/news/security/?id=64
http://developer.pidgin.im/wiki/ChangeLog
http://www.debian.org/security/2012/dsa-2509
http://lwn.net/Vulnerabilities/505986/
https://bugs.mageia.org/show_bug.cgi?id=6709
