Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request. (CVE-2013-0272) A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username. (CVE-2013-0273) A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially-crafted UPnP response that, when processed, would crash Pidgin. (CVE-2013-0274) Red Hat would like to thank the Pidgin project for reporting the above issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2013-0272. All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.
hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3
lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html
lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html
lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html
www.pidgin.im/news/security/?id=68
www.ubuntu.com/usn/USN-1746-1
access.redhat.com/security/updates/classification/#moderate
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221
rhn.redhat.com/errata/RHSA-2013-0646.html