First published: Thu Oct 21 2010
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidgin user was using the Yahoo! Messenger Protocol, MSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol plug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for authentication. (CVE-2010-3711)

A NULL pointer dereference flaw was found in the way the Pidgin MSN protocol plug-in processed custom emoticon messages. A remote attacker could use this flaw to crash Pidgin by sending specially-crafted emoticon messages during mutual communication. (CVE-2010-1624)

Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2010-3711, and Pierre Nogues of Meta Security as the original reporter of CVE-2010-1624.

All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/pidgin | <2.6.6-5.el5_5 | 2.6.6-5.el5_5 |
redhat/finch | <2.6.6-5.el5_5 | 2.6.6-5.el5_5 |
redhat/finch-devel | <2.6.6-5.el5_5 | 2.6.6-5.el5_5 |
redhat/libpurple | <2.6.6-5.el5_5 | 2.6.6-5.el5_5 |
redhat/libpurple-devel | <2.6.6-5.el5_5 | 2.6.6-5.el5_5 |
redhat/libpurple-perl | <2.6.6-5.el5_5 | 2.6.6-5.el5_5 |
redhat/libpurple-tcl | <2.6.6-5.el5_5 | 2.6.6-5.el5_5 |
redhat/pidgin-devel | <2.6.6-5.el5_5 | 2.6.6-5.el5_5 |
redhat/pidgin-perl | <2.6.6-5.el5_5 | 2.6.6-5.el5_5 |
redhat/pidgin | <2.6.6-5.el4_8 | 2.6.6-5.el4_8 |
redhat/finch | <2.6.6-5.el4_8 | 2.6.6-5.el4_8 |
redhat/finch-devel | <2.6.6-5.el4_8 | 2.6.6-5.el4_8 |
redhat/libpurple | <2.6.6-5.el4_8 | 2.6.6-5.el4_8 |
redhat/libpurple-devel | <2.6.6-5.el4_8 | 2.6.6-5.el4_8 |
redhat/libpurple-perl | <2.6.6-5.el4_8 | 2.6.6-5.el4_8 |
redhat/libpurple-tcl | <2.6.6-5.el4_8 | 2.6.6-5.el4_8 |
redhat/pidgin-devel | <2.6.6-5.el4_8 | 2.6.6-5.el4_8 |
redhat/pidgin-perl | <2.6.6-5.el4_8 | 2.6.6-5.el4_8 |
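
An added example, not part of the original advisory: a check of an installed-package list against the fixed versions in the table above. The comparison is a simplified take on RPM's version ordering (no epoch, `~` or `^` handling), and the inventory lines are constructed sample data.

```python
import re

# Fixed version-release strings from the advisory table, keyed by RHEL dist tag.
FIXED = {"el5": "2.6.6-5.el5_5", "el4": "2.6.6-5.el4_8"}
PACKAGES = {"pidgin", "pidgin-devel", "pidgin-perl", "finch", "finch-devel",
            "libpurple", "libpurple-devel", "libpurple-perl", "libpurple-tcl"}

def rpmvercmp(a, b):
    """Segment-wise compare in the style of RPM (simplified: no ~ or ^)."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings (assumption: no epoch is set)."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def vulnerable(inventory):
    """Return (name, installed, fixed) for packages older than the fix."""
    hits = []
    for line in inventory.strip().splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] not in PACKAGES:
            continue
        name, vr = parts
        dist = re.search(r"\.(el[0-9]+)", vr)
        if dist and dist.group(1) in FIXED:
            fixed = FIXED[dist.group(1)]
            if evr_cmp(vr, fixed) < 0:
                hits.append((name, vr, fixed))
    return hits

# Constructed sample shaped like: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """
pidgin 2.6.6-1.el5
libpurple 2.6.6-5.el5_5
finch 2.6.6-5.el5
libpurple 2.6.6-5.el4_8
pidgin 2.6.6-5.el4
openssl 0.9.8e-12.el5
"""

if __name__ == "__main__":
    for name, have, need in vulnerable(SAMPLE):
        print(f"{name}: {have} is older than {need}")
```

Because the running Pidgin process keeps the old library loaded, a host that passes this check still needs Pidgin restarted, as the advisory states.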