Pidgin is a Gtk+-based multiprotocol instant messaging client. The SILC Purple plug-in allows Pidgin to use the Secure Internet Live Conferencing (SILC) protocol. A heap-based buffer overflow flaw was found in the way the SILC Purple Pidgin protocol plug-in escaped certain UTF-8 private messages. If a Pidgin client received a specially-crafted SILC message, it could cause Pidgin to crash or, potentially, lead to arbitrary code execution with the privileges of the user running Pidgin.
References:
[1] http://developer.pidgin.im/ticket/14636
This issue affects the versions of the pidgin package, as shipped with Red Hat Enterprise Linux 4 and 5.
--
This issue did NOT affect the version of the pidgin package, as shipped with Red Hat Enterprise Linux 6, since the Pidgin SILC plug-in has been disabled there.
--
This issue affects the versions of the pidgin package, as shipped with Fedora releases 14 and 15.
Created pidgin tracking bugs for this issue.
Affects: fedora-all [bug 742457]
*** This bug has been marked as a duplicate of bug 743481 ***
pidgin-2.10.1-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.10.1-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.