It was reported that the libgadu 1.12.0-rc3 release fixes a memory corruption issue, triggered by a crafted response from a file relay server: http://www.openwall.com/lists/oss-security/2014/05/15/8 A malicious file relay server could possibly use this flaw to execute arbitrary code in an application that uses libgadu.
Created libgadu tracking bugs for this issue: Affects: fedora-all [bug 1099777]
Looks like Pidgin is affected too: http://launchpadlibrarian.net/175981395/pidgin_1%3A2.10.9-0ubuntu3_1%3A2.10.9-0ubuntu3.1.diff.gz Fedora appears to use the system version of libgadu, so that will not be affected once libgadu is fixed. From an initial investigation, Red Hat Enterprise Linux 6 uses its own embedded version and is vulnerable. Red Hat Enterprise Linux 5 does not appear to have the affected functionality.
possible patches: https://github.com/wojtekka/libgadu/commit/f45ff34dfe2edab54d6fa185e8b87246ab100bd4 https://github.com/wojtekka/libgadu/commit/0db17ad635b07566d4e53a773919c16472341966
libgadu-1.12.0-0.5.rc3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
libgadu-1.12.0-0.5.rc3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.