
pidgin: multiple vulnerabilities

Package(s): pidgin
CVE #(s): CVE-2011-4602 CVE-2011-4603
Created: December 15, 2011
Updated: January 9, 2012
Description:

From the Red Hat advisory:

An input sanitization flaw was found in the way the Pidgin SILC (Secure Internet Live Conferencing) protocol plug-in escaped certain UTF-8 characters in channel messages. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message. (CVE-2011-4603)

Multiple NULL pointer dereference flaws were found in the Jingle extension of the Extensible Messaging and Presence Protocol (XMPP) protocol plug-in in Pidgin. A remote attacker could use these flaws to crash Pidgin via a specially-crafted Jingle multimedia message. (CVE-2011-4602)

Alerts:
CentOS CESA-2011:1821 2011-12-22
Oracle ELSA-2011-1821 2011-12-17
Scientific Linux SL-pidg-20111214 2011-12-14
Oracle ELSA-2011-1820 2011-12-14
CentOS CESA-2011:1820 2011-12-14
Red Hat RHSA-2011:1821-01 2011-12-14
Red Hat RHSA-2011:1820-01 2011-12-14
Fedora FEDORA-2011-17558 2011-12-30
Fedora FEDORA-2011-17546 2011-12-30
openSUSE openSUSE-SU-2012:0066-1 2012-01-09
Ubuntu USN-1500-1 2012-07-09
