MDVSA-2010:041 -- Mandriva pidginID: oval:org.secpod.oval:def:300347 | Date: (C)2012-01-07 (M)2024-01-29 |
Class: PATCH | Family: unix |
Multiple security vulnerabilities has been identified and fixed in pidgin: Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly . In a user in a multi-user chat room has a nickname containing "<br>" then libpurple ends up having two users with username " " in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution . oCERT notified us about a problem in Pidgin, where a large amount of processing time will be used when inserting many smileys into an IM or chat window. This should not cause a crash, but Pidgin can become unusable slow . Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides pidgin 2.6.6, which is not vulnerable to these issues.
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2009.1 |
Mandriva Linux 2008.0 |