Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.
A directory traversal flaw was discovered in Pidgin’s MSN protocol
implementation. A remote attacker could send a specially-crafted emoticon
image download request that would cause Pidgin to disclose an arbitrary
file readable to the user running Pidgin. (CVE-2010-0013)
These packages upgrade Pidgin to version 2.6.5. Refer to the Pidgin release
notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog
All Pidgin users should upgrade to these updated packages, which correct
this issue. Pidgin must be restarted for this update to take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 4 | ia64 | libpurple-tcl | < 2.6.5-1.el4.1 | libpurple-tcl-2.6.5-1.el4.1.ia64.rpm |
RedHat | 5 | i386 | libpurple-perl | < 2.6.5-1.el5 | libpurple-perl-2.6.5-1.el5.i386.rpm |
RedHat | 4 | ia64 | pidgin-perl | < 2.6.5-1.el4.1 | pidgin-perl-2.6.5-1.el4.1.ia64.rpm |
RedHat | 4 | x86_64 | libpurple-tcl | < 2.6.5-1.el4.1 | libpurple-tcl-2.6.5-1.el4.1.x86_64.rpm |
RedHat | 5 | x86_64 | pidgin | < 2.6.5-1.el5 | pidgin-2.6.5-1.el5.x86_64.rpm |
RedHat | 5 | x86_64 | pidgin-perl | < 2.6.5-1.el5 | pidgin-perl-2.6.5-1.el5.x86_64.rpm |
RedHat | 4 | x86_64 | libpurple-perl | < 2.6.5-1.el4.1 | libpurple-perl-2.6.5-1.el4.1.x86_64.rpm |
RedHat | 5 | i386 | libpurple-tcl | < 2.6.5-1.el5 | libpurple-tcl-2.6.5-1.el5.i386.rpm |
RedHat | 5 | x86_64 | libpurple-perl | < 2.6.5-1.el5 | libpurple-perl-2.6.5-1.el5.x86_64.rpm |
RedHat | 4 | x86_64 | libpurple | < 2.6.5-1.el4.1 | libpurple-2.6.5-1.el4.1.x86_64.rpm |