Red Hat Bugzilla – Bug 554335
CVE-2010-0277 pidgin MSN protocol plugin memory corruption
Last modified: 2016-03-01 04:44:09 EST
slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and
Adium 1.3.8 allows remote attackers to cause a denial of service
(memory corruption) or possibly have unspecified other impact via
unknown vectors, a different issue than CVE-2010-0013.
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0115 https://rhn.redhat.com/errata/RHSA-2010-0115.html
pidgin-2.6.6-1.fc12 has been submitted as an update for Fedora 12.
This is not an issue for pidgin in Red Hat Enterprise Linux 3 due to the MSN protocol support in that version (1.5.1) is out-dated and no longer supported by MSN servers. We do not have any plans to backport MSN protocol changes to that version of Pidgin.
pidgin-2.6.6-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.6.6-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.6.6-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.