|Bugzilla:||554335: CVE-2010-0277 pidgin MSN protocol plugin memory corruption|
The MITRE CVE dictionary describes this issue as:
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.
This issue was addressed for Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0115.html
We currently have no plans to fix this flaw in Red Hat Enterprise Linux 3 as the MSN protocol support in the provided version of Pidgin (1.5.1) is out-dated and no longer supported by MSN servers. There are no plans to backport MSN protocol changes for that version of Pidgin.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|RHEL Desktop Workstation version 5 (pidgin)||RHSA-2010:0115||February 18, 2010|
|RHEL Optional Productivity Applications version 5 (pidgin)||RHSA-2010:0115||February 18, 2010|
|Red Hat Enterprise Linux version 4 (pidgin)||RHSA-2010:0115||February 18, 2010|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.