An out-of-bounds write vulnerability was found in purple_markup_unescape_entity. It can be triggered by sending invalid XML entities separated by whitespace, eg "ஸ". In default installation, this can get called only when receiving data from a server. Upstream patch(es): https://bitbucket.org/pidgin/main/commits/6745ecd124da91d6711ebab8812247bcd785939a https://bitbucket.org/pidgin/main/commits/b2fc9e774cb9bf6bffcafa156c14a4c7b3640837
Acknowledgments: Name: the Pidgin project
Created attachment 1260886 [details] Upstream patch
Created pidgin tracking bugs for this issue: Affects: fedora-all [bug 1431018]
Public via https://pidgin.im/news/security/ page.
*** Bug 1428500 has been marked as a duplicate of this bug. ***
Upstream fixes (from the Git mirror): commit 2f79c62fde05b7e24dfaa421a03529ec593a7190 Author: Eion Robb <eionrobb> Date: Mon Feb 20 21:05:32 2017 +0000 Use the more robust entity processing that @dequisdequis came up with --HG-- branch : EionRobb/fix-for-crash-when-sending-invalid-xml-e-1487474010880 commit f2e987f01f58202d8a9b665eb1d8e1152fe399a2 Author: Eion Robb <eionrobb> Date: Sun Feb 19 03:13:47 2017 +0000 Fix for crash when sending invalid xml entities separated by whitespace, eg "&# 3000;" --HG-- branch : EionRobb/fix-for-crash-when-sending-invalid-xml-e-1487474010880
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:1854 https://access.redhat.com/errata/RHSA-2017:1854