Mandriva Linux Security Advisory : pidgin (MDVSA-2011:183)
Medium Nessus Plugin ID 57079
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been discovered and corrected in pidgin :
When receiving various stanzas related to voice and video chat, the XMPP protocol plugin failed to ensure that the incoming message contained all required fields, and would crash if certain fields were missing.
When receiving various messages related to requesting or receiving authorization for adding a buddy to a buddy list, the oscar protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash (CVE-2011-4601).
When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash (CVE-2011-3594).
This update provides pidgin 2.10.1, which is not vulnerable to these issues.
SolutionUpdate the affected packages.