An invalid pointer dereference was found in the way the Pidgin instant messaging client used to process lists of contacts sent from the SIM IM client(s). A remote attacker could send a specially-crafted contact list to the Pidgin client, leading to denial of service (Pidgin crash) or, potentially, to execution of arbitrary code as the user running Pidgin.

References:
-----------
http://pidgin.im/news/security/?id=41
http://developer.pidgin.im/ticket/10481

Upstream patch:
---------------
http://developer.pidgin.im/viewmtn/revision/info/781682333aea0c801d280c3507ee25552a60bfc0

Credit:
-------
nightwing666
This issue affects the versions of the Pidgin package as shipped with Red Hat Enterprise Linux 3, 4, and 5.
pidgin-2.6.3-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.6.3-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 3
Via RHSA-2009:1535 https://rhn.redhat.com/errata/RHSA-2009-1535.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
Via RHSA-2009:1536 https://rhn.redhat.com/errata/RHSA-2009-1536.html