paul Posted October 21, 2010 Report Share Posted October 21, 2010 A security vulnerability has been identified and fixed in pidgin: It has been discovered that eight denial of service conditions exist in libpurple all due to insufficient validation of the return value from purple_base64_decode(). Invalid or malformed data received in place of a valid base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support trigger a crash. These vulnerabilities can be leveraged by a remote user for denial of service (CVE-2010-3711). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 This update provides pidgin 2.7.4, which is not vulnerable to this issue. Link to comment Share on other sites More sharing options...
Recommended Posts