Security Advisory Moderate: pidgin security and bug fix update

Advisory: RHSA-2008:1023-6
Type: Security Advisory
Severity: Moderate
Issued on: 2008-12-15
Last updated on: 2008-12-15
Affected Products: RHEL Desktop Workstation (v. 5 client)
RHEL Optional Productivity Applications (v. 5 server)
RHEL Optional Productivity Applications EUS (v. 5.2.z server)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.7.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.7.z)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20081023.xml
CVEs (cve.mitre.org): CVE-2008-2955
CVE-2008-2957
CVE-2008-3532

Details

Updated Pidgin packages that fix several security issues and bugs are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Pidgin is a multi-protocol Internet Messaging client.

A denial-of-service flaw was found in Pidgin's MSN protocol handler. If a
remote user was able to send, and the Pidgin user accepted, a
carefully-crafted file request, it could result in Pidgin crashing.
(CVE-2008-2955)

A denial-of-service flaw was found in Pidgin's Universal Plug and Play
(UPnP) request handling. A malicious UPnP server could send a request to
Pidgin, causing it to download an excessive amount of data, consuming all
available memory or disk space. (CVE-2008-2957)

A flaw was found in the way Pidgin handled SSL certificates. The NSS SSL
implementation in Pidgin did not properly verify the authenticity of SSL
certificates. This could have resulted in users unknowingly connecting to a
malicious SSL service. (CVE-2008-3532)

In addition, this update upgrades pidgin from version 2.3.1 to version
2.5.2, with many additional stability and functionality fixes from the
Pidgin Project.

Note: the Secure Internet Live Conferencing (SILC) chat network protocol
has recently changed, affecting all versions of pidgin shipped with Red Hat
Enterprise Linux.

Pidgin cannot currently connect to the latest version of the SILC server
(1.1.14): it fails to properly exchange keys during initial login. This
update does not correct this. Red Hat Bugzilla #474212 (linked to in the
References section) has more information.

Note: after the errata packages are installed, Pidgin must be restarted for
the update to take effect.

All Pidgin users should upgrade to these updated packages, which contains
Pidgin version 2.5.2 and resolves these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
pidgin-2.5.2-6.el5.src.rpm
File outdated by:  RHSA-2009:1139		     36f1fd1717165a24f6ac733ac9f5fb1c
 
IA-32:
finch-devel-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     4249d5ff3569493bdce67ac6a26a0f84
libpurple-devel-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     abfe4e6ecb3f66bbc5f071c0163ef992
pidgin-devel-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     215ba21618273b5eebf8e1ea3ffe3c63
 
x86_64:
finch-devel-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     4249d5ff3569493bdce67ac6a26a0f84
finch-devel-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     7da6c96bd06fc59aa833efaebe6da12e
libpurple-devel-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     abfe4e6ecb3f66bbc5f071c0163ef992
libpurple-devel-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     24964be74420dab509edfcb1dbc56f2b
pidgin-devel-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     215ba21618273b5eebf8e1ea3ffe3c63
pidgin-devel-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     2428072f2a7abb38a1f08a433f942dd0
 
RHEL Optional Productivity Applications (v. 5 server)
SRPMS:
pidgin-2.5.2-6.el5.src.rpm
File outdated by:  RHSA-2009:1139		     36f1fd1717165a24f6ac733ac9f5fb1c
 
IA-32:
finch-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     36559d7a3ab137044b0d8c810e912d85
finch-devel-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     4249d5ff3569493bdce67ac6a26a0f84
libpurple-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     af299abf00893a7a643914ba5f6ddd3b
libpurple-devel-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     abfe4e6ecb3f66bbc5f071c0163ef992
libpurple-perl-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     8c852e1efa42ef41ad3831e7f285bbc3
libpurple-tcl-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     8d2c819f136c8e005b7ad4cd5e970ed6
pidgin-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     ba17bc5b2ff90cd55f4c6b276072c90e
pidgin-devel-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     215ba21618273b5eebf8e1ea3ffe3c63
pidgin-perl-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     2684ca1183641aa8a3afac603b8216f9
 
x86_64:
finch-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     36559d7a3ab137044b0d8c810e912d85
finch-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     c698ae9eab88d0cfc7b0ca490e8c4b6d
finch-devel-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     4249d5ff3569493bdce67ac6a26a0f84
finch-devel-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     7da6c96bd06fc59aa833efaebe6da12e
libpurple-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     af299abf00893a7a643914ba5f6ddd3b
libpurple-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     5897f208692ea428a88cd9fd9ef84cda
libpurple-devel-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     abfe4e6ecb3f66bbc5f071c0163ef992
libpurple-devel-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     24964be74420dab509edfcb1dbc56f2b
libpurple-perl-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     f329049238631d26487d44236051ca4e
libpurple-tcl-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     037a0f02f52ef461ac21fe0da71959d8
pidgin-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     ba17bc5b2ff90cd55f4c6b276072c90e
pidgin-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     bb6b11b3ccfd565dfcc06be4e9a8ff49
pidgin-devel-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     215ba21618273b5eebf8e1ea3ffe3c63
pidgin-devel-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     2428072f2a7abb38a1f08a433f942dd0
pidgin-perl-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     6a3f63529ff1e338bf97cfa1d3835e78
 
RHEL Optional Productivity Applications EUS (v. 5.2.z server)
SRPMS:
pidgin-2.5.2-6.el5.src.rpm
File outdated by:  RHSA-2009:1139		     36f1fd1717165a24f6ac733ac9f5fb1c
 
IA-32:
finch-2.5.2-6.el5.i386.rpm     36559d7a3ab137044b0d8c810e912d85
finch-devel-2.5.2-6.el5.i386.rpm     4249d5ff3569493bdce67ac6a26a0f84
libpurple-2.5.2-6.el5.i386.rpm     af299abf00893a7a643914ba5f6ddd3b
libpurple-devel-2.5.2-6.el5.i386.rpm     abfe4e6ecb3f66bbc5f071c0163ef992
libpurple-perl-2.5.2-6.el5.i386.rpm     8c852e1efa42ef41ad3831e7f285bbc3
libpurple-tcl-2.5.2-6.el5.i386.rpm     8d2c819f136c8e005b7ad4cd5e970ed6
pidgin-2.5.2-6.el5.i386.rpm     ba17bc5b2ff90cd55f4c6b276072c90e
pidgin-devel-2.5.2-6.el5.i386.rpm     215ba21618273b5eebf8e1ea3ffe3c63
pidgin-perl-2.5.2-6.el5.i386.rpm     2684ca1183641aa8a3afac603b8216f9
 
x86_64:
finch-2.5.2-6.el5.i386.rpm     36559d7a3ab137044b0d8c810e912d85
finch-2.5.2-6.el5.x86_64.rpm     c698ae9eab88d0cfc7b0ca490e8c4b6d
finch-devel-2.5.2-6.el5.i386.rpm     4249d5ff3569493bdce67ac6a26a0f84
finch-devel-2.5.2-6.el5.x86_64.rpm     7da6c96bd06fc59aa833efaebe6da12e
libpurple-2.5.2-6.el5.i386.rpm     af299abf00893a7a643914ba5f6ddd3b
libpurple-2.5.2-6.el5.x86_64.rpm     5897f208692ea428a88cd9fd9ef84cda
libpurple-devel-2.5.2-6.el5.i386.rpm     abfe4e6ecb3f66bbc5f071c0163ef992
libpurple-devel-2.5.2-6.el5.x86_64.rpm     24964be74420dab509edfcb1dbc56f2b
libpurple-perl-2.5.2-6.el5.x86_64.rpm     f329049238631d26487d44236051ca4e
libpurple-tcl-2.5.2-6.el5.x86_64.rpm     037a0f02f52ef461ac21fe0da71959d8
pidgin-2.5.2-6.el5.i386.rpm     ba17bc5b2ff90cd55f4c6b276072c90e
pidgin-2.5.2-6.el5.x86_64.rpm     bb6b11b3ccfd565dfcc06be4e9a8ff49
pidgin-devel-2.5.2-6.el5.i386.rpm     215ba21618273b5eebf8e1ea3ffe3c63
pidgin-devel-2.5.2-6.el5.x86_64.rpm     2428072f2a7abb38a1f08a433f942dd0
pidgin-perl-2.5.2-6.el5.x86_64.rpm     6a3f63529ff1e338bf97cfa1d3835e78
 
Red Hat Desktop (v. 4)
SRPMS:
pidgin-2.5.2-6.el4.src.rpm
File outdated by:  RHSA-2009:1139		     814524ccbfcfab29b2422eb05b5910db
 
IA-32:
finch-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     01965c108c25c16da1fd3c5211f50e3a
finch-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     1c22ea1593ad0f2da003688efbab62f1
libpurple-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     2465278349fe19c206e7abb00cee707b
libpurple-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     9d2456d6da80713acbd55c900ec0f0d6
libpurple-perl-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     c5d0a643032ff94fd3ff4352196e5a41
libpurple-tcl-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     28a8fe147d13f72c4bda622e0763375a
pidgin-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     dfa9d70d6fe6986afe1dffa472b8133c
pidgin-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     f4e586524d01665f956d97f652cf1793
pidgin-perl-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     f977bd1ab4ed0aec9b948f2ae1eecbf9
 
x86_64:
finch-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     ea9fc35123caad7335f6eff552456314
finch-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     faa2046614784aa580c996e9d7dc5c5d
libpurple-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     bf8acb6777da010cb24d19a70dd9d8aa
libpurple-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     e440f354daae5e696c03fd8aef61e28f
libpurple-perl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     bcfc54d39bad101edcdbaf7f35c3e9d5
libpurple-tcl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     948e34f9bbe141e004b5602c4ba33888
pidgin-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     2f9f266894e9f6de7f6e6f0cfa03ee65
pidgin-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     9e9c8f09116664a80ef03429eb054d2c
pidgin-perl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     8e7b47f908495da5f6bd9572ea9e7fbf
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
pidgin-2.5.2-6.el4.src.rpm
File outdated by:  RHSA-2009:1139		     814524ccbfcfab29b2422eb05b5910db
 
IA-32:
finch-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     01965c108c25c16da1fd3c5211f50e3a
finch-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     1c22ea1593ad0f2da003688efbab62f1
libpurple-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     2465278349fe19c206e7abb00cee707b
libpurple-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     9d2456d6da80713acbd55c900ec0f0d6
libpurple-perl-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     c5d0a643032ff94fd3ff4352196e5a41
libpurple-tcl-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     28a8fe147d13f72c4bda622e0763375a
pidgin-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     dfa9d70d6fe6986afe1dffa472b8133c
pidgin-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     f4e586524d01665f956d97f652cf1793
pidgin-perl-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     f977bd1ab4ed0aec9b948f2ae1eecbf9
 
IA-64:
finch-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     0d9e88db7669a915956ca2064a42141b
finch-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     e11b36b1e1ef8883a7a5f4c5c8a27d9b
libpurple-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     f9afd1d34cb806656bc7a4e364c7734a
libpurple-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     adcf813f74ccdb6e1c57192c3a1e54c2
libpurple-perl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     3e2c0276df95527703db86832de4a0be
libpurple-tcl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     70c0cda0a3c7e68da07e8c66a30e68b2
pidgin-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     cc8c41e129304962fd59ceea24f786f3
pidgin-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     bfc4e4f5eda3c62ce0cfe947b29a0e66
pidgin-perl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     46796e43ed08a8ece5a6176a9584aa34
 
PPC:
finch-2.5.2-6.el4.ppc.rpm
File outdated by:  RHSA-2009:1139		     d7b32d18aeca02c0f05f65ad02d4509f
finch-devel-2.5.2-6.el4.ppc.rpm
File outdated by:  RHSA-2009:1139		     165fef009b97e35246671f982412c766
libpurple-2.5.2-6.el4.ppc.rpm
File outdated by:  RHSA-2009:1139		     a83be98dc7539814aa813c8c316cd3b7
libpurple-devel-2.5.2-6.el4.ppc.rpm
File outdated by:  RHSA-2009:1139		     b6f417829ab45afbd2a740246754f4c1
libpurple-perl-2.5.2-6.el4.ppc.rpm
File outdated by:  RHSA-2009:1139		     f01a9ac1e29ceb4efc3b0c5977305bbb
libpurple-tcl-2.5.2-6.el4.ppc.rpm
File outdated by:  RHSA-2009:1139		     b69a226d43844f0244b00ecf991787f2
pidgin-2.5.2-6.el4.ppc.rpm
File outdated by:  RHSA-2009:1139		     0c6d3d89fcd7ee5d9b969231f8807d67
pidgin-devel-2.5.2-6.el4.ppc.rpm
File outdated by:  RHSA-2009:1139		     82a7ba8023954e11b0440762e67509f3
pidgin-perl-2.5.2-6.el4.ppc.rpm
File outdated by:  RHSA-2009:1139		     193dff9f4e510acde495bfd37f46c774
 
x86_64:
finch-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     ea9fc35123caad7335f6eff552456314
finch-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     faa2046614784aa580c996e9d7dc5c5d
libpurple-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     bf8acb6777da010cb24d19a70dd9d8aa
libpurple-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     e440f354daae5e696c03fd8aef61e28f
libpurple-perl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     bcfc54d39bad101edcdbaf7f35c3e9d5
libpurple-tcl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     948e34f9bbe141e004b5602c4ba33888
pidgin-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     2f9f266894e9f6de7f6e6f0cfa03ee65
pidgin-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     9e9c8f09116664a80ef03429eb054d2c
pidgin-perl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     8e7b47f908495da5f6bd9572ea9e7fbf
 
Red Hat Enterprise Linux AS (v. 4.7.z)
SRPMS:
pidgin-2.5.2-6.el4.src.rpm
File outdated by:  RHSA-2009:1139		     814524ccbfcfab29b2422eb05b5910db
 
IA-32:
finch-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     01965c108c25c16da1fd3c5211f50e3a
finch-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     1c22ea1593ad0f2da003688efbab62f1
libpurple-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     2465278349fe19c206e7abb00cee707b
libpurple-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     9d2456d6da80713acbd55c900ec0f0d6
libpurple-perl-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     c5d0a643032ff94fd3ff4352196e5a41
libpurple-tcl-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     28a8fe147d13f72c4bda622e0763375a
pidgin-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     dfa9d70d6fe6986afe1dffa472b8133c
pidgin-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     f4e586524d01665f956d97f652cf1793
pidgin-perl-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     f977bd1ab4ed0aec9b948f2ae1eecbf9
 
IA-64:
finch-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     0d9e88db7669a915956ca2064a42141b
finch-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     e11b36b1e1ef8883a7a5f4c5c8a27d9b
libpurple-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     f9afd1d34cb806656bc7a4e364c7734a
libpurple-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     adcf813f74ccdb6e1c57192c3a1e54c2
libpurple-perl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     3e2c0276df95527703db86832de4a0be
libpurple-tcl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     70c0cda0a3c7e68da07e8c66a30e68b2
pidgin-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     cc8c41e129304962fd59ceea24f786f3
pidgin-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     bfc4e4f5eda3c62ce0cfe947b29a0e66
pidgin-perl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     46796e43ed08a8ece5a6176a9584aa34
 
PPC:
finch-2.5.2-6.el4.ppc.rpm
File outdated by:  RHBA-2009:0407		     d7b32d18aeca02c0f05f65ad02d4509f
finch-devel-2.5.2-6.el4.ppc.rpm
File outdated by:  RHBA-2009:0407		     165fef009b97e35246671f982412c766
libpurple-2.5.2-6.el4.ppc.rpm
File outdated by:  RHBA-2009:0407		     a83be98dc7539814aa813c8c316cd3b7
libpurple-devel-2.5.2-6.el4.ppc.rpm
File outdated by:  RHBA-2009:0407		     b6f417829ab45afbd2a740246754f4c1
libpurple-perl-2.5.2-6.el4.ppc.rpm
File outdated by:  RHBA-2009:0407		     f01a9ac1e29ceb4efc3b0c5977305bbb
libpurple-tcl-2.5.2-6.el4.ppc.rpm
File outdated by:  RHBA-2009:0407		     b69a226d43844f0244b00ecf991787f2
pidgin-2.5.2-6.el4.ppc.rpm
File outdated by:  RHBA-2009:0407		     0c6d3d89fcd7ee5d9b969231f8807d67
pidgin-devel-2.5.2-6.el4.ppc.rpm
File outdated by:  RHBA-2009:0407		     82a7ba8023954e11b0440762e67509f3
pidgin-perl-2.5.2-6.el4.ppc.rpm
File outdated by:  RHBA-2009:0407		     193dff9f4e510acde495bfd37f46c774
 
x86_64:
finch-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     ea9fc35123caad7335f6eff552456314
finch-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     faa2046614784aa580c996e9d7dc5c5d
libpurple-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     bf8acb6777da010cb24d19a70dd9d8aa
libpurple-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     e440f354daae5e696c03fd8aef61e28f
libpurple-perl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     bcfc54d39bad101edcdbaf7f35c3e9d5
libpurple-tcl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     948e34f9bbe141e004b5602c4ba33888
pidgin-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     2f9f266894e9f6de7f6e6f0cfa03ee65
pidgin-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     9e9c8f09116664a80ef03429eb054d2c
pidgin-perl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     8e7b47f908495da5f6bd9572ea9e7fbf
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
pidgin-2.5.2-6.el5.src.rpm
File outdated by:  RHSA-2009:1139		     36f1fd1717165a24f6ac733ac9f5fb1c
 
IA-32:
finch-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     36559d7a3ab137044b0d8c810e912d85
libpurple-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     af299abf00893a7a643914ba5f6ddd3b
libpurple-perl-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     8c852e1efa42ef41ad3831e7f285bbc3
libpurple-tcl-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     8d2c819f136c8e005b7ad4cd5e970ed6
pidgin-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     ba17bc5b2ff90cd55f4c6b276072c90e
pidgin-perl-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     2684ca1183641aa8a3afac603b8216f9
 
x86_64:
finch-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     36559d7a3ab137044b0d8c810e912d85
finch-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     c698ae9eab88d0cfc7b0ca490e8c4b6d
libpurple-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     af299abf00893a7a643914ba5f6ddd3b
libpurple-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     5897f208692ea428a88cd9fd9ef84cda
libpurple-perl-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     f329049238631d26487d44236051ca4e
libpurple-tcl-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     037a0f02f52ef461ac21fe0da71959d8
pidgin-2.5.2-6.el5.i386.rpm
File outdated by:  RHSA-2009:1139		     ba17bc5b2ff90cd55f4c6b276072c90e
pidgin-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     bb6b11b3ccfd565dfcc06be4e9a8ff49
pidgin-perl-2.5.2-6.el5.x86_64.rpm
File outdated by:  RHSA-2009:1139		     6a3f63529ff1e338bf97cfa1d3835e78
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
pidgin-2.5.2-6.el4.src.rpm
File outdated by:  RHSA-2009:1139		     814524ccbfcfab29b2422eb05b5910db
 
IA-32:
finch-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     01965c108c25c16da1fd3c5211f50e3a
finch-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     1c22ea1593ad0f2da003688efbab62f1
libpurple-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     2465278349fe19c206e7abb00cee707b
libpurple-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     9d2456d6da80713acbd55c900ec0f0d6
libpurple-perl-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     c5d0a643032ff94fd3ff4352196e5a41
libpurple-tcl-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     28a8fe147d13f72c4bda622e0763375a
pidgin-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     dfa9d70d6fe6986afe1dffa472b8133c
pidgin-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     f4e586524d01665f956d97f652cf1793
pidgin-perl-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     f977bd1ab4ed0aec9b948f2ae1eecbf9
 
IA-64:
finch-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     0d9e88db7669a915956ca2064a42141b
finch-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     e11b36b1e1ef8883a7a5f4c5c8a27d9b
libpurple-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     f9afd1d34cb806656bc7a4e364c7734a
libpurple-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     adcf813f74ccdb6e1c57192c3a1e54c2
libpurple-perl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     3e2c0276df95527703db86832de4a0be
libpurple-tcl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     70c0cda0a3c7e68da07e8c66a30e68b2
pidgin-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     cc8c41e129304962fd59ceea24f786f3
pidgin-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     bfc4e4f5eda3c62ce0cfe947b29a0e66
pidgin-perl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     46796e43ed08a8ece5a6176a9584aa34
 
x86_64:
finch-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     ea9fc35123caad7335f6eff552456314
finch-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     faa2046614784aa580c996e9d7dc5c5d
libpurple-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     bf8acb6777da010cb24d19a70dd9d8aa
libpurple-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     e440f354daae5e696c03fd8aef61e28f
libpurple-perl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     bcfc54d39bad101edcdbaf7f35c3e9d5
libpurple-tcl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     948e34f9bbe141e004b5602c4ba33888
pidgin-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     2f9f266894e9f6de7f6e6f0cfa03ee65
pidgin-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     9e9c8f09116664a80ef03429eb054d2c
pidgin-perl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     8e7b47f908495da5f6bd9572ea9e7fbf
 
Red Hat Enterprise Linux ES (v. 4.7.z)
SRPMS:
pidgin-2.5.2-6.el4.src.rpm
File outdated by:  RHSA-2009:1139		     814524ccbfcfab29b2422eb05b5910db
 
IA-32:
finch-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     01965c108c25c16da1fd3c5211f50e3a
finch-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     1c22ea1593ad0f2da003688efbab62f1
libpurple-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     2465278349fe19c206e7abb00cee707b
libpurple-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     9d2456d6da80713acbd55c900ec0f0d6
libpurple-perl-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     c5d0a643032ff94fd3ff4352196e5a41
libpurple-tcl-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     28a8fe147d13f72c4bda622e0763375a
pidgin-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     dfa9d70d6fe6986afe1dffa472b8133c
pidgin-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     f4e586524d01665f956d97f652cf1793
pidgin-perl-2.5.2-6.el4.i386.rpm
File outdated by:  RHBA-2009:0407		     f977bd1ab4ed0aec9b948f2ae1eecbf9
 
IA-64:
finch-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     0d9e88db7669a915956ca2064a42141b
finch-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     e11b36b1e1ef8883a7a5f4c5c8a27d9b
libpurple-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     f9afd1d34cb806656bc7a4e364c7734a
libpurple-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     adcf813f74ccdb6e1c57192c3a1e54c2
libpurple-perl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     3e2c0276df95527703db86832de4a0be
libpurple-tcl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     70c0cda0a3c7e68da07e8c66a30e68b2
pidgin-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     cc8c41e129304962fd59ceea24f786f3
pidgin-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     bfc4e4f5eda3c62ce0cfe947b29a0e66
pidgin-perl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHBA-2009:0407		     46796e43ed08a8ece5a6176a9584aa34
 
x86_64:
finch-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     ea9fc35123caad7335f6eff552456314
finch-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     faa2046614784aa580c996e9d7dc5c5d
libpurple-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     bf8acb6777da010cb24d19a70dd9d8aa
libpurple-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     e440f354daae5e696c03fd8aef61e28f
libpurple-perl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     bcfc54d39bad101edcdbaf7f35c3e9d5
libpurple-tcl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     948e34f9bbe141e004b5602c4ba33888
pidgin-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     2f9f266894e9f6de7f6e6f0cfa03ee65
pidgin-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     9e9c8f09116664a80ef03429eb054d2c
pidgin-perl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHBA-2009:0407		     8e7b47f908495da5f6bd9572ea9e7fbf
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
pidgin-2.5.2-6.el4.src.rpm
File outdated by:  RHSA-2009:1139		     814524ccbfcfab29b2422eb05b5910db
 
IA-32:
finch-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     01965c108c25c16da1fd3c5211f50e3a
finch-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     1c22ea1593ad0f2da003688efbab62f1
libpurple-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     2465278349fe19c206e7abb00cee707b
libpurple-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     9d2456d6da80713acbd55c900ec0f0d6
libpurple-perl-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     c5d0a643032ff94fd3ff4352196e5a41
libpurple-tcl-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     28a8fe147d13f72c4bda622e0763375a
pidgin-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     dfa9d70d6fe6986afe1dffa472b8133c
pidgin-devel-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     f4e586524d01665f956d97f652cf1793
pidgin-perl-2.5.2-6.el4.i386.rpm
File outdated by:  RHSA-2009:1139		     f977bd1ab4ed0aec9b948f2ae1eecbf9
 
IA-64:
finch-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     0d9e88db7669a915956ca2064a42141b
finch-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     e11b36b1e1ef8883a7a5f4c5c8a27d9b
libpurple-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     f9afd1d34cb806656bc7a4e364c7734a
libpurple-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     adcf813f74ccdb6e1c57192c3a1e54c2
libpurple-perl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     3e2c0276df95527703db86832de4a0be
libpurple-tcl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     70c0cda0a3c7e68da07e8c66a30e68b2
pidgin-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     cc8c41e129304962fd59ceea24f786f3
pidgin-devel-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     bfc4e4f5eda3c62ce0cfe947b29a0e66
pidgin-perl-2.5.2-6.el4.ia64.rpm
File outdated by:  RHSA-2009:1139		     46796e43ed08a8ece5a6176a9584aa34
 
x86_64:
finch-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     ea9fc35123caad7335f6eff552456314
finch-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     faa2046614784aa580c996e9d7dc5c5d
libpurple-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     bf8acb6777da010cb24d19a70dd9d8aa
libpurple-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     e440f354daae5e696c03fd8aef61e28f
libpurple-perl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     bcfc54d39bad101edcdbaf7f35c3e9d5
libpurple-tcl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     948e34f9bbe141e004b5602c4ba33888
pidgin-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     2f9f266894e9f6de7f6e6f0cfa03ee65
pidgin-devel-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     9e9c8f09116664a80ef03429eb054d2c
pidgin-perl-2.5.2-6.el4.x86_64.rpm
File outdated by:  RHSA-2009:1139		     8e7b47f908495da5f6bd9572ea9e7fbf
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

446562 - User Tune (XEP-0118) shouldn't default on
453736 - CVE-2008-2955 pidgin: remote DoS via MSN message with crafted file name
453740 - CVE-2008-2957 pidgin: unrestricted download of arbitrary files triggered via UPnP
457907 - CVE-2008-3532 pidgin: NSS plugin doesn't verify SSL certificates
471858 - Failed to add new MSN group.
472508 - The Font settings that I customized didn't apply to the outgoing message on the conversation window


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3532
http://www.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=474212

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/