10 January 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT Security Bulletin

ASB-2011.0002
Vulnerability in pidgin may cause a crash
10 January 2011

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              pidgin 2.7.8 and prior
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Denial of Service -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2010-4528
Member content until: Wednesday, February 9 2011

OVERVIEW

A new version of pidgin, a multi-protocol messaging client, has been
released.

IMPACT

One security issue has been corrected which affects the MSN protocol
handler of pidgin.

* CVE-2010-4528
  Pidgin may "crash when receiving short packets related to P2Pv2
  messages."

MITIGATION

Upgrade to pidgin 2.7.9 to correct this issue. We expect vendors who
include this in their repository to include this update soon.

REFERENCES

ChangeLog: Pidgin and Finch
http://developer.pidgin.im/wiki/ChangeLog

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: email@example.com
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://www.auscert.org.au/1967

iD8DBQFNKmQd/iFOrG6YcBERAtijAJ949WhENj2UrvYKjrtVIR7B7ZBoMwCdFsi1
VU3Pf+0HHbwX1gopOmm7rig=
=fiGQ
-----END PGP SIGNATURE-----