Mandriva Linux Security Advisory : pidgin (MDVSA-2012:029)
Medium Nessus Plugin ID 61945
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been discovered and corrected in pidgin :
The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room (CVE-2011-4939).
The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding (CVE-2012-1178).
This update provides pidgin 2.10.2, which is not vulnerable to these issues.
SolutionUpdate the affected packages.