First published: Mon Aug 22 2011(Updated: )
A flaw was found in the handling of HTTP 100 responses in the MSN protocol plugin. It can cause the application to attempt to access memory that it does not have access to. This only affects users who have turned on the HTTP connection method for their accounts (it's off by default). This might only be triggerable by a malicious server and not a malicious peer. Remote code execution is not possible. Reference: <a href="http://pidgin.im/news/security/?id=54">http://pidgin.im/news/security/?id=54</a>
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pidgin Pidgin | =2.5.9 | |
Pidgin Pidgin | =2.5.8 | |
Pidgin Pidgin | =2.7.9 | |
Pidgin Pidgin | =2.7.5 | |
Pidgin Pidgin | =2.7.0 | |
Pidgin Pidgin | =2.1.0 | |
Pidgin Pidgin | =2.7.4 | |
Pidgin Pidgin | =2.6.0 | |
Pidgin Pidgin | =2.5.2 | |
Pidgin Pidgin | =2.5.1 | |
Pidgin Pidgin | =2.7.6 | |
Pidgin Pidgin | =2.7.11 | |
Pidgin Pidgin | =2.5.6 | |
Pidgin Pidgin | =2.7.10 | |
Pidgin Pidgin | =2.5.7 | |
Pidgin Pidgin | =2.0.1 | |
Pidgin Pidgin | =2.4.2 | |
Pidgin Pidgin | =2.7.3 | |
Pidgin Pidgin | =2.5.4 | |
Pidgin Pidgin | =2.5.5 | |
Pidgin Pidgin | =2.6.5 | |
Pidgin Pidgin | =2.2.2 | |
Pidgin Pidgin | =2.1.1 | |
Pidgin Pidgin | =2.3.1 | |
Pidgin Pidgin | =2.4.3 | |
Pidgin Pidgin | =2.6.6 | |
Pidgin Pidgin | =2.8.0 | |
Pidgin Pidgin | =2.0.0 | |
Pidgin Pidgin | =2.0.2 | |
Pidgin Pidgin | =2.3.0 | |
Pidgin Pidgin | =2.4.1 | |
Pidgin Pidgin | =2.4.0 | |
Pidgin Pidgin | =2.6.2 | |
Pidgin Pidgin | =2.5.0 | |
Pidgin Pidgin | =2.2.0 | |
Pidgin Pidgin | =2.2.1 | |
Pidgin Pidgin | =2.7.8 | |
Pidgin Pidgin | <=2.9.0 | |
Pidgin Pidgin | =2.7.7 | |
Pidgin Pidgin | =2.5.3 | |
Pidgin Pidgin | =2.6.1 | |
Pidgin Pidgin | =2.6.4 | |
Pidgin Pidgin | =2.7.2 | |
Pidgin Pidgin | =2.7.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.