Mandriva Linux Security Advisory : pidgin (MDVSA-2010:041)
Medium Nessus Plugin ID 44664
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple security vulnerabilities has been identified and fixed in pidgin :
Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly (CVE-2010-0277).
In a user in a multi-user chat room has a nickname containing '<br>' then libpurple ends up having two users with username ' ' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution (CVE-2010-0420).
oCERT notified us about a problem in Pidgin, where a large amount of processing time will be used when inserting many smileys into an IM or chat window. This should not cause a crash, but Pidgin can become unusable slow (CVE-2010-0423).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
This update provides pidgin 2.6.6, which is not vulnerable to these issues.
SolutionUpdate the affected packages.