Description: | Description: The remote host is missing an update to pidgin announced via advisory FEDORA-2009-5552.
Update Information:
This is a bugfix & security fix release of Pidgin. The full ChangeLog is available at http://developer.pidgin.im/wiki/ChangeLog Details of the security fixes included are available at http://www.pidgin.im/news/security/
ChangeLog:
* Wed May 20 2009 Stu Tomlinson 2.5.6-1 - 2.5.6
References:
[ 1 ] Bug #500488 - CVE-2009-1373 pidgin file transfer buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=500488 [ 2 ] Bug #500490 - CVE-2009-1374 pidgin DoS when decrypting qq packets https://bugzilla.redhat.com/show_bug.cgi?id=500490 [ 3 ] Bug #500491 - CVE-2009-1375 pidgin PurpleCircBuffer corruption https://bugzilla.redhat.com/show_bug.cgi?id=500491 [ 4 ] Bug #500493 - CVE-2009-1376 pidgin incomplete fix for CVE-2008-2927 https://bugzilla.redhat.com/show_bug.cgi?id=500493
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update pidgin' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5552
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
|