Red Hat Bugzilla – Bug 1056473
CVE-2012-6152 pidgin: DoS when decoding non-UTF-8 strings in Yahoo protocol plugin
Last modified: 2015-11-24 10:40:30 EST
A Denial-of-Service flaw was found in the way Yahoo protocol plugin handled character encoding. Many places in the Yahoo! protocol plugin assumed incoming strings were UTF-8 and failed to transcode from non-UTF-8 encodings. This can lead to a crash when receiving strings that aren't UTF-8.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Thijs Alkemade and Robert Vehse as the original reporters of this issue.
Created attachment 853758 [details]
Local copy of the patch
Created pidgin tracking bugs for this issue:
Affects: fedora-all [bug 1059049]
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2014:0139 https://rhn.redhat.com/errata/RHSA-2014-0139.html
pidgin-2.10.9-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.10.9-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.