VDB
GCVE-110-MAGEIA-2014-295
GCVE-110-MAGEIA-2014-295
Advisory Published
Updated pidgin packages fix security vulnerability:
It was discovered that libgadu incorrectly handled certain messages from
file relay servers. A malicious remote server or a man in the middle could
use this issue to cause applications using libgadu to crash, resulting in a
denial of service, or possibly execute arbitrary code (CVE-2014-3775).
The pidgin package was built with a bundled copy of the libgadu library which
contained the vulnerable code. It has now been built against the external
libgadu library, which had been fixed in a previous update.
This update also fixes an issue with the Yahoo! protocol that was caused by a
bad interaction with the GnuTLS library.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | pidgin | 0 (affected), 2.10.9-1.1.mga3 (unaffected) | — |
| Mageia | pidgin | 2.10.9-1.1.mga4 (unaffected), 0 (affected) | — |
Aliases
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.