When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. This vulnerability is similar to CVE-2011-3594, but occurs in a different piece of code and was fixed at a later date. Reference: http://pidgin.im/news/security/?id=59 Patch: http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1
Created pidgin tracking bugs for this issue Affects: fedora-all [bug 766454]
Acknowledgements: Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Diego Bauche Madero from IOActive as the original reporter.
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2011:1820 https://rhn.redhat.com/errata/RHSA-2011-1820.html
Statement: Not vulnerable. This issue did not affect the version of pidgin as shipped with Red Hat Enterprise Linux 6 as it explicitly disables support for the SILC protocol.
pidgin-2.10.1-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
pidgin-2.10.1-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.