Pidgin 2.7.11 closes DoS bug
The Pidgin development team has issued version 2.7.11 of its open source instant messenger application. According to security specialist Secunia, the maintenance and security update corrects a NULL pointer dereference error when processing certain YMSG (Yahoo!/Yahoo! JAPAN messenger) packets that could be used by an attacker to cause a denial-of-service (DoS) condition. Other changes include fixes for file transfers, adding MSN buddies and an issue affecting AIM and ICQ users that would prevent the application from displaying some buddies from a user's buddy list. All users are advised to upgrade.
More details about the update can be found in the change log. Pidgin 2.7.11 is available to download for Windows, Mac OS X and RHEL based Linux distributions from the project's site. As Ubuntu ships with Pidgin, but does not typically update it after a release, it is necessary to refer to the Ubuntu specific install page on the Pidgin site to install 2.7.8 on Ubuntu. Pidgin is licensed under the GNU General Public Licence (GPL).
- Pidgin YMSG Denial of Service Weakness, security advisory from Secunia.