Solution
Please Install the Updated Packages.
Insight
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.
A directory traversal flaw was discovered in Pidgin's MSN protocol implementation. A remote attacker could send a specially-crafted emoticon image download request that would cause Pidgin to disclose an arbitrary file readable to the user running Pidgin. (CVE-2010-0013)
These packages upgrade Pidgin to version 2.6.5. Refer to the Pidgin release notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog
All Pidgin users should upgrade to these updated packages, which correct this issue. Pidgin must be restarted for this update to take effect.
Affected
finch on CentOS 5
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-0013 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities