Please Install the Updated Packages.

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A directory traversal flaw was discovered in Pidgin's MSN protocol implementation. A remote attacker could send a specially-crafted emoticon image download request that would cause Pidgin to disclose an arbitrary file readable to the user running Pidgin. (CVE-2010-0013) These packages upgrade Pidgin to version 2.6.5. Refer to the Pidgin release notes for a full list of changes: <a rel= &qt nofollow &qt href= &qt http://developer.pidgin.im/wiki/ChangeLog &qt >http://developer.pidgin.im/wiki/ChangeLog</a> All Pidgin users should upgrade to these updated packages, which correct this issue. Pidgin must be restarted for this update to take effect.

finch on CentOS 4

• http://lists.centos.org/pipermail/centos-announce/2010-January/016465.html

---

Updated on 2015-03-25