Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Info/Query (IQ) is an Extensible Messaging and Presence Protocol (XMPP) specific request-response mechanism.

A NULL pointer dereference flaw was found in the way the Pidgin XMPP protocol plug-in processes IQ error responses when trying to fetch a custom smiley. A remote client could send a specially-crafted IQ error response that would crash Pidgin. (CVE-2009-3085)

A NULL pointer dereference flaw was found in the way the Pidgin IRC protocol plug-in handles IRC topics. A malicious IRC server could send a specially-crafted IRC TOPIC message, which once received by Pidgin, would lead to a denial of service (Pidgin crash). (CVE-2009-2703)

It was discovered that, when connecting to certain, very old Jabber servers via XMPP, Pidgin may ignore the "Require SSL/TLS" setting. In these situations, a non-encrypted connection is established rather than the connection failing, causing the user to believe they are using an encrypted connection when they are not, leading to sensitive information disclosure (session sniffing). (CVE-2009-3026)

A NULL pointer dereference flaw was found in the way the Pidgin MSN protocol plug-in handles improper MSNSLP invitations. A remote attacker could send a specially-crafted MSNSLP invitation request, which once accepted by a valid Pidgin user, would lead to a denial of service (Pidgin crash). (CVE-2009-3083)

These packages upgrade Pidgin to version 2.6.2. Refer to the Pidgin release notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog

All Pidgin users should upgrade to these updated packages, which correct these issues. Pidgin must be restarted for this update to take effect.
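
For the "Require SSL/TLS" issue (CVE-2009-3026), the following is an added example, not Pidgin's code: a client-side policy check that fails closed when a server's opening stream data offers no STARTTLS, shown beside the plaintext fallback the advisory describes. It assumes the old servers in question are ones that advertise no STARTTLS feature; the function names and both sample server responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"

# Constructed sample: XMPP 1.0 server that advertises STARTTLS.
MODERN = (
    b"<stream:stream xmlns='jabber:client' "
    b"xmlns:stream='http://etherx.jabber.org/streams' "
    b"from='modern.example' id='c1' version='1.0'>"
    b"<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>"
    b"<required/></starttls></stream:features>"
)

# Constructed sample: old server, no version attribute and no features
# (assumption about what "very old Jabber servers" send).
LEGACY = (
    b"<stream:stream xmlns='jabber:client' "
    b"xmlns:stream='http://etherx.jabber.org/streams' "
    b"from='legacy.example' id='c2'>"
)


class TLSRequiredError(Exception):
    """The user requires TLS and the server cannot provide it."""


def server_offers_starttls(server_bytes):
    """Return True if the server's opening data advertises STARTTLS."""
    # The stream root element is never closed, so use an incremental parser.
    parser = ET.XMLPullParser(events=("start",))
    parser.feed(server_bytes)
    return any(elem.tag == "{%s}starttls" % NS_TLS
               for _event, elem in parser.read_events())


def choose_transport(server_bytes, require_tls, fail_closed=True):
    """Decide how to continue once the server's stream header has arrived.

    fail_closed=False models the behaviour the advisory describes (plaintext
    despite the setting); fail_closed=True aborts the connection instead.
    """
    if server_offers_starttls(server_bytes):
        return "starttls"
    if require_tls and fail_closed:
        raise TLSRequiredError("no STARTTLS offered; refusing plaintext")
    return "plaintext"
```
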