exploitDog

ELSA-2011-0616

Published: 28 May 2011
Source: oracle-oval
Platform: Oracle Linux 6

Description

ELSA-2011-0616: pidgin security and bug fix update (LOW)

[2.7.9-3.el6]

  • Add patch for RH bug #684685 (zero-out crypto keys before freeing).

[2.7.9-2.el6]

  • Add patch for CVE-2011-1091 (RH bug #683031).

[2.7.9-1.el6]

  • Update to 2.7.9 (RH bug #616917).
  • Remove patches now included upstream: pidgin-2.6.6-clientLogin-proxy-fix.patch, pidgin-2.6.6-clientLogin-use-https.patch, pidgin-2.6.6-CVE-2010-1624.patch, pidgin-2.6.6-CVE-2010-3711.patch
  • Disable the translation updates patch. It doesn't apply anymore and will have to be redone. Saving the patch for now in case some parts are still useful to translators.

Updated packages

Oracle Linux 6

Oracle Linux x86_64

Package            Version
finch              2.7.9-3.el6
finch-devel        2.7.9-3.el6
libpurple          2.7.9-3.el6
libpurple-devel    2.7.9-3.el6
libpurple-perl     2.7.9-3.el6
libpurple-tcl      2.7.9-3.el6
pidgin             2.7.9-3.el6
pidgin-devel       2.7.9-3.el6
pidgin-docs        2.7.9-3.el6
pidgin-perl        2.7.9-3.el6

Oracle Linux i686

Package            Version
finch              2.7.9-3.el6
finch-devel        2.7.9-3.el6
libpurple          2.7.9-3.el6
libpurple-devel    2.7.9-3.el6
libpurple-perl     2.7.9-3.el6
libpurple-tcl      2.7.9-3.el6
pidgin             2.7.9-3.el6
pidgin-devel       2.7.9-3.el6
pidgin-docs        2.7.9-3.el6
pidgin-perl        2.7.9-3.el6

Related CVEs

Related vulnerabilities

ubuntu
about 13 years ago

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents. It was discovered that libpurple versions prior to 2.7.10 do not properly clear certain data structures used in libpurple/cipher.c prior to freeing. An attacker could potentially extract partial information from memory regions freed by libpurple.

redhat
more than 14 years ago

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.

nvd
about 13 years ago

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.

debian
about 13 years ago

cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retain ...

ubuntu
more than 14 years ago

libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.