[Bluewhite64 Linux Security] pidgin [BW64SA:20090820-01]
Hash: SHA1
[Bluewhite64 Linux Security] pidgin [BW64SA:20090820-01]
New pidgin packages are available for Bluewhite64 Linux 12.0, 12.1, 12.2,
and -current to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694
Here are the details from the Bluewhite64 Linux 12.2 ChangeLog:
- ----------------------------------------------------------------
PATCHES/packages/pidgin-2.5.9-x86_64-1.tgz: Upgraded.
This update fixes a bug in Pidgin's MSN protocol implementation can allow
a remote attacker to send a malicious MSN message to a Pidgin user, which
will possibly cause arbitrary code to be executed as that user.
This issue was discovered by Federico Muttis of Core Security Technologies.
For more information, see:
http://www.coresecurity.com/content/libpurple-arbitrary-write
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694
[*** Security fix ***]
- --------------------------
Download the new packages from:
- --------------------------------
For Bluewhite64 Linux 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/pidgin-2.5.9-x86_64-1.tgz
For Bluewhite64 Linux 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/pidgin-2.5.9-x86_64-1.tgz
For Bluewhite64 Linux 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/pidgin-2.5.9-x86_64-1.tgz
For Bluewhite64 Linux -current:
http://data.bluewhite64.com/bluewhite64-current/bluewhite64/xap/pidgin-2.5.9-x86_64-1.txz
Also, please see the "Get Bluewhite64" section on http://www.bluewhite64.com for
additional mirror sites near you.
MD5 signatures:
- ----------------
Bluewhite64 Linux 12.0 package:
2ca9fdc37f2cbefdcd6d4f1cd0d2155b pidgin-2.5.9-x86_64-1.tgz
Bluewhite64 Linux 12.1 package:
e73addc7a3b5be82a52e507943d0ac4d pidgin-2.5.9-x86_64-1.tgz
Bluewhite64 Linux 12.2 package:
78514f7ac7f74ea8e88ea7d59989d226 pidgin-2.5.9-x86_64-1.tgz
Bluewhite64 Linux -current package:
04a84d043d43bc5760e6347d88620ff3 pidgin-2.5.9-x86_64-1.txz
Installation instructions:
- ----------------------------
Upgrade the package as root:
# upgradepkg pidgin-2.5.9-x86_64-1.tgz
- ---
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com
- ------------------------------------------------------
To leave the bluewhite64-security mailing list:
Send a blank email to
bluewhite64-security-unsubscribe©bluewhite64.com
You will get a confirmation message back containing
instructions to complete the process.
Please do not reply to this email address.
- ------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqNn/UACgkQpTOsxuDdlY5POQCeLRBumSHu7gsqssfLytCQUzgg
BWkAn0k7P4zZP5q2lCGOUGoi3T8dAm5a
=ecio
-----END PGP SIGNATURE-----