In association with heise online

15 December 2011, 16:02

Pidgin IM client 2.10.1 fixes crashing vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Pidgin logo The Pidgin developers have released version 2.10.1 of their open source instant messenger application to fix several bugs and close security holes found in previous builds. The maintenance and security update addresses a total of four denial-of-service (DoS) vulnerabilities that could be exploited by an attacker to cause the application to be terminated.

According to the developers, three of these issues were caused by incoming strings not being validated as UTF-8, while the fourth was due to a bug in the XMPP protocol plug-in that made it fail if certain required fields were missing in an incoming message. Previous versions up to and including 2.10.0 are affected; upgrading to 2.10.1 fixes these issues – all users are advised to upgrade. Other changes include fixes for Bonjour and IPv6, fetching Yahoo! IM buddy icons, and Gadu-Gadu linking against GnuTLS.

More details about the release, including a full list of changes, can be found in the change log and in the security advisories. Pidgin 2.10.1 is available to download for Windows, Mac OS X and Linux. Hosted on SourceForge, Pidgin is licensed under the GPLv2.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit