Lots of crashes (exploitable?) reported in Fedora
Ethan Blanton
elb at pidgin.im
Fri Apr 13 14:19:51 EDT 2012
Vincent Danen spake unto us the following wisdom:
> Hi folks. I'm not sure whether this should be considered
> security-sensitive or not, but we've had a number of crashes reported on
> pidgin in Fedora:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=720781

Are the extra threads created by the crash-reporting process, or is
Fedora doing something stupid with plugins? I see at least some of
those include third-party plugins, some of which I do not recognize.
The threads seem to be using different glib contexts, so they may be
safe, but ...

> The bug is public as these were all sent by abrt collecting info on
> Pidgin crashes and they seem to be all over the place. I have not much
> experience with Pidgin or trying to determine whether or not these might
> be considered security flaws, but could you take a look at the bug and
> see if they might be?
>
> Again, the bug is public but I wanted to give you a heads-up. I don't
> believe these are more than crashes, but at least one user in the bug
> seems to think these should be security-relevant.

The crash-on-demand from a jabber call is indeed concerning.

Ethan