Multiple NULL pointer dereference flaws were found in the way the Jingle extension of the XMPP protocol plug-in of Pidgin, a Gtk+ based multiprotocol instant messaging client, processed certain Jingle stanzas. A remote, authenticated user could use these flaws to cause denial of service (Pidgin crash) via a specially-crafted Jingle multimedia message.

Reference: http://pidgin.im/news/security/?id=58

Patch: http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6

These issues affect the versions of the pidgin package, as shipped with Red Hat Enterprise Linux 4, 5, and 6.

--

This issue affects the versions of the pidgin package, as shipped with Fedora release of 15 and 16.
Acknowledgements: Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Thijs Alkemade as the original reporter.
Created pidgin tracking bugs for this issue

Affects: fedora-all [bug 766454]
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1821 https://rhn.redhat.com/errata/RHSA-2011-1821.html

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2011:1820 https://rhn.redhat.com/errata/RHSA-2011-1820.html
pidgin-2.10.1-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.10.1-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.