pidgin security update
Remote users could crash pidgin via ICQ, SILC, XMPP and
Yahoo protocols (CVE-2011-4601, CVE-2011-4603,
CVE-2011-4602, CVE-2011-1091).
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5557
Fixed bugs
bnc#736147
VUL-0: pidgin crash in oscar protocol
CVE#CVE-2011-4601
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2)
CVE#CVE-2011-4603
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via
CVE#CVE-2011-4602
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.
CVE#CVE-2011-1091
libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2
