Comment 9 for bug 416306

In , Jan (jan-redhat-bugs) wrote :

MITRE's CVE-2009-2694 record:
-----------------------------

The msn_slplink_process_msg function in
libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin
(formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) by sending multiple
crafted SLP (aka MSNSLP) messages to trigger an overwrite of an
arbitrary memory location. NOTE: this issue reportedly exists because
of an incomplete fix for CVE-2009-1376.

References:
-----------
http://www.coresecurity.com/content/libpurple-arbitrary-write
http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e
http://developer.pidgin.im/wiki/ChangeLog
http://www.pidgin.im/news/security/?id=34
http://secunia.com/advisories/36384
http://secunia.com/advisories/36392
http://secunia.com/advisories/36401
http://www.vupen.com/english/advisories/2009/2303