VDB

GCVE-110-MAGEIA-2014-295

GCVE-110-MAGEIA-2014-295
Advisory Published
Vulnetix · Advisory published July 26, 2014
Updated pidgin packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-3775). The pidgin package was built with a bundled copy of the libgadu library which contained the vulnerable code. It has now been built against the external libgadu library, which had been fixed in a previous update. This update also fixes an issue with the Yahoo! protocol that was caused by a bad interaction with the GnuTLS library.

Affected Products

VendorProductVersionsPlatforms
Mageiapidgin0 (affected), 2.10.9-1.1.mga3 (unaffected)
Mageiapidgin2.10.9-1.1.mga4 (unaffected), 0 (affected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›