In association with heise online

19 February 2010, 12:09

Pidgin update fixes security vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Pidgin Logo The Pidgin developers have released version 2.6.6 of their open source instant messenger application. In addition to the usual changes and bug fixes, the maintenance and security update addresses a total of three vulnerabilities in the the multi-platform instant messaging client.

A vulnerability in Finch, caused by certain nicknames in group chat rooms, can lead to a remote crash, however, the developers note that they "do not believe there is a possibility of remote code execution". The developers have set a maximum number of 'smileys' (emoticons) allowed in an individual conversation to address an exploit in Pidgin that could lead to a potential denial of service (DoS) situation when displaying a large number of emoticons. A third vulnerability in the MSN protocol plug-in that could cause a possible remote crash when parsing an incoming SLP message has also been fixed. The developers advise all users to update to the latest release.

More details about the release can be found in the change log. Pidgin 2.6.6 is available to download for Windows, Mac OS X and Linux. Pidgin is released under the GNU General Public License (GPL).

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit