Mandriva Linux Security Advisory : pidgin (MDVSA-2010:208)
Medium Nessus Plugin ID 50296
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA security vulnerability has been identified and fixed in pidgin :
It has been discovered that eight denial of service conditions exist in libpurple all due to insufficient validation of the return value from purple_base64_decode(). Invalid or malformed data received in place of a valid base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support trigger a crash. These vulnerabilities can be leveraged by a remote user for denial of service (CVE-2010-3711).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
This update provides pidgin 2.7.4, which is not vulnerable to this issue.
SolutionUpdate the affected packages.