Red Hat Bugzilla – Bug 1099776
CVE-2014-3775 libgadu: server response memory corruption issue
Last modified: 2015-01-20 12:06:07 EST
It was reported that the libgadu 1.12.0-rc3 release fixes a memory corruption issue, triggered by a crafted response from a file relay server:
A malicious file relay server could possibly use this flaw to execute arbitrary code in an application that uses libgadu.
Created libgadu tracking bugs for this issue:
Affects: fedora-all [bug 1099777]
Looks like Pidgin is affected too:
Fedora appears to use the system version of libgadu, so that will not be affected once libgadu is fixed.
From an initial investigation, Red Hat Enterprise Linux 6 uses its own embedded version and is vulnerable. Red Hat Enterprise Linux 5 does not appear to have the affected functionality.
libgadu-1.12.0-0.5.rc3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
libgadu-1.12.0-0.5.rc3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.