Mandriva Linux Security Advisory 2010-041 – Multiple security vulnerabilities has been identified and fixed Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly. In a user in a multi-user chat room has a nickname containing ‘ ‘ then libpurple ends up having two users with username ‘ ‘ in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution. oCERT notified us about a problem in Pidgin, where a large amount of processing time will be used when inserting many smileys into an IM or chat window. This should not cause a crash, but Pidgin can become unusable slow. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides pidgin 2.6.6, which is not vulnerable to these issues.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/86458/MDVSA-2010-041.txt
Source: https://packetstormsecurity.com/files/86458/Mandriva-Linux-Security-Advisory-2010-041.html