Advisories ยป MGASA-2014-0295

Updated pidgin packages fix CVE-2014-3775

Publication date: 26 Jul 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3775


Updated pidgin packages fix security vulnerability:

It was discovered that libgadu incorrectly handled certain messages from
file relay servers. A malicious remote server or a man in the middle could
use this issue to cause applications using libgadu to crash, resulting in a
denial of service, or possibly execute arbitrary code (CVE-2014-3775).

The pidgin package was built with a bundled copy of the libgadu library which
contained the vulnerable code.  It has now been built against the external
libgadu library, which had been fixed in a previous update.

This update also fixes an issue with the Yahoo! protocol that was caused by a
bad interaction with the GnuTLS library.