Gentoo Linux Security Advisory 201206-11 - Multiple vulnerabilities were found in Pidgin, the worst of which allowing for the remote execution of arbitrary code. Versions less than 2.10.0-r1 are affected.
fccbf14641980aaf2607eb97aeca7b851f33722796f8da32707b4794b511eb68
Mandriva Linux Security Advisory 2011-183 - When receiving various stanzas related to voice and video chat, the XMPP protocol plugin failed to ensure that the incoming message contained all required fields, and would crash if certain fields were missing. When receiving various messages related to requesting or receiving authorization for adding a buddy to a buddy list, the oscar protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash. This update provides pidgin 2.10.1, which is not vulnerable to these issues.
2d414ceea15e43838e4951396fac9e14dee36394f9b458f9c9cc1ccd87f5eee1
Ubuntu Security Notice 1273-1 - Marius Wachtler discovered that Pidgin incorrectly handled malformed YMSG messages in the Yahoo! protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS and 10.10. Marius Wachtler discovered that Pidgin incorrectly handled HTTP 100 responses in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. Various other issues were also addressed.
427e2e9a5b920f0b25f9f9b3c39fe9ad971c32495eb39a7878a1e2fcbfef91ee
Red Hat Security Advisory 2011-1371-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the Pidgin SILC protocol plug-in escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message. Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use these flaws to crash Pidgin via a specially-crafted notification message.
f0ad974a63999ee0a2da67fe7b5c6434dc5657a1919e71a6c7d833f173143ae6