A denial-of-service flaw was found in pidgin's QQ protocol handler. When the QQ protocol decrypts packet information, a heap-based buffer overflow results, which could cause pidgin to crash.
Link to upstream advisory: http://www.pidgin.im/news/security//?id=30
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
Via RHSA-2009:1060 https://rhn.redhat.com/errata/RHSA-2009-1060.html
pidgin-2.5.6-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/pidgin-2.5.6-1.fc9
pidgin-2.5.6-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.5.6-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.5.6-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2009-1060.html
Fedora:
  https://admin.fedoraproject.org/updates/F10/FEDORA-2009-5597
  https://admin.fedoraproject.org/updates/F11/FEDORA-2009-5583
  https://admin.fedoraproject.org/updates/F9/FEDORA-2009-5552