Issued:

2009-04-03

Updated:

2009-04-03

RHBA-2009:0407 - pidgin bug fix update

Synopsis

pidgin bug fix update

Type/Severity

Bug Fix Advisory

Topic

Updated Pidgin packages that fix significant bugs are now available for Red Hat Enterprise Linux 4 and 5.

Description

Pidgin is a multi-protocol Internet Messaging (IM) client.

This update addresses the following bugs:

• the ICQ Internet message protocol servers recently changed and now require clients to use a newer version of the ICQ protocol. When logging in to ICQ Pidgin 2.5.2 (the version previously shipped with Red Hat Enterprise Linux 4 and 5) fails with an error message as a result. Pidgin 2.5.5, included with this update, uses the newer ICQ protocol, which resolves this issue. (BZ#490104, BZ#490094)

Note: Pidgin 2.5.5 also addresses several other minor bugs. See the Pidgin 2.5.5 ChangeLog, linked to in the References section below, for details regarding these other changes.

• users with "One-Time Password" authenticated logins reported authentication failures because Pidgin attempts to re-connect using the previous password after disconnecting from an IM service. This behavior presented even if the "Remember password" check-box was unchecked in the Account Editor dialog box for a given account (Choose Accounts > Manage Accounts to open a list of active accounts. Double-click an account on this list to show the Account Editor dialog box for that account.)

A new plug-in, "One Time Password Support", is included with this update. With this plug-in enabled, a "One-Time Password" checkbox appears in the Advanced tab of the Account Editor dialog box. For each account that requires One-Time Password authentication, check this checkbox in the Advanced tab. You must also uncheck the "Remember password" checkbox in the Basic tab for this plug-in to work. (BZ#490536, BZ#490539)

Note: because of the unpredictable disconnection rate for IM sessions, the attempts to automatically re-connect noted above are by design and are not considered a bug. The One Time Password plug-in allows the enforcement, on a per-account basis, of One-Time Password authentication. With the plug-in active, Pidgin will still attempt to re-connect to services after being disconnected. It will not, however, use the previous password.

All Pidgin users should upgrade to these updated packages, which contains Pidgin version 2.5.5 and resolves these issues. Note: after these errata packages are installed, Pidgin must be restarted for the update to take effect.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Updated Packages

• pidgin-2.5.5-1.el4.x86_64.rpm
• finch-devel-2.5.5-1.el4.ppc.rpm
• libpurple-perl-2.5.5-1.el4.ia64.rpm
• libpurple-tcl-2.5.5-1.el5.i386.rpm
• finch-devel-2.5.5-1.el4.i386.rpm
• finch-2.5.5-1.el5.i386.rpm
• libpurple-perl-2.5.5-1.el5.x86_64.rpm
• pidgin-2.5.5-1.el5.x86_64.rpm
• pidgin-devel-2.5.5-1.el4.ia64.rpm
• finch-2.5.5-1.el5.x86_64.rpm
• pidgin-2.5.5-1.el4.ppc.rpm
• finch-devel-2.5.5-1.el5.i386.rpm
• pidgin-2.5.5-1.el4.i386.rpm
• libpurple-tcl-2.5.5-1.el4.ppc.rpm
• libpurple-perl-2.5.5-1.el4.ppc.rpm
• pidgin-perl-2.5.5-1.el4.i386.rpm
• libpurple-tcl-2.5.5-1.el4.i386.rpm
• pidgin-perl-2.5.5-1.el4.x86_64.rpm
• pidgin-devel-2.5.5-1.el5.i386.rpm
• libpurple-tcl-2.5.5-1.el4.x86_64.rpm
• pidgin-2.5.5-1.el4.src.rpm
• pidgin-perl-2.5.5-1.el4.ppc.rpm
• finch-2.5.5-1.el4.ppc.rpm
• libpurple-2.5.5-1.el4.ppc.rpm
• pidgin-devel-2.5.5-1.el4.i386.rpm
• libpurple-perl-2.5.5-1.el4.i386.rpm
• libpurple-tcl-2.5.5-1.el4.ia64.rpm
• pidgin-perl-2.5.5-1.el5.x86_64.rpm
• finch-2.5.5-1.el4.ia64.rpm
• libpurple-devel-2.5.5-1.el4.i386.rpm
• finch-2.5.5-1.el4.i386.rpm
• libpurple-perl-2.5.5-1.el4.x86_64.rpm
• libpurple-perl-2.5.5-1.el5.i386.rpm
• pidgin-2.5.5-1.el5.src.rpm
• libpurple-2.5.5-1.el5.x86_64.rpm
• libpurple-devel-2.5.5-1.el5.i386.rpm
• libpurple-devel-2.5.5-1.el5.x86_64.rpm
• libpurple-tcl-2.5.5-1.el5.x86_64.rpm
• libpurple-2.5.5-1.el4.x86_64.rpm
• libpurple-devel-2.5.5-1.el4.x86_64.rpm
• pidgin-devel-2.5.5-1.el5.x86_64.rpm
• finch-devel-2.5.5-1.el5.x86_64.rpm
• pidgin-perl-2.5.5-1.el4.ia64.rpm
• libpurple-devel-2.5.5-1.el4.ia64.rpm
• pidgin-2.5.5-1.el4.ia64.rpm
• finch-devel-2.5.5-1.el4.ia64.rpm
• pidgin-devel-2.5.5-1.el4.ppc.rpm
• pidgin-2.5.5-1.el5.i386.rpm
• pidgin-perl-2.5.5-1.el5.i386.rpm
• libpurple-2.5.5-1.el4.i386.rpm
• finch-devel-2.5.5-1.el4.x86_64.rpm
• libpurple-2.5.5-1.el4.ia64.rpm
• finch-2.5.5-1.el4.x86_64.rpm
• libpurple-devel-2.5.5-1.el4.ppc.rpm
• libpurple-2.5.5-1.el5.i386.rpm
• pidgin-devel-2.5.5-1.el4.x86_64.rpm

Fixes

• This content is not included.BZ - 490536
• This content is not included.BZ - 490539
• This content is not included.BZ - 490104
• This content is not included.BZ - 490094

CVEs

(none)

References

• http://www.redhat.com/security/updates/classification/#none
• Content from developer.pidgin.im is not included.Content from developer.pidgin.im is not included.http://developer.pidgin.im/wiki/ChangeLog#Version2.5.503012009

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.