Security update for finch, libpurple and pidgin (important)

ID SUSE-SU-2012:0782-1
Type suse
Reporter Suse
Modified 2012-06-22T19:08:37


Various remote triggerable crashes in pidgin have been fixed:

  • CVE-2012-1178: In some situations the MSN server sends text that isn't UTF-8 encoded, and Pidgin fails to verify the text's encoding. In some cases this can lead to a crash when attempting to display the text ().
  • CVE-2012-1178/CVE-2012-2318: Incoming messages with certain characters or character encodings can cause clients to crash.
  • CVE-2012-2214: A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests.