Red Hat Bugzilla – Bug 766446
CVE-2011-4603 pidgin: SILC remote crash on channel messages
Last modified: 2012-08-08 05:00:04 EDT
When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. This vulnerability is similar to CVE-2011-3594, but occurs in a different piece of code and was fixed at a later date.
Created pidgin tracking bugs for this issue
Affects: fedora-all [bug 766454]
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Diego Bauche Madero from IOActive as the original reporter.
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2011:1820 https://rhn.redhat.com/errata/RHSA-2011-1820.html
Not vulnerable. This issue did not affect the version of pidgin as shipped with Red Hat Enterprise Linux 6 as it explicitly disables support for the SILC protocol.
pidgin-2.10.1-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.10.1-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.