Skype for Linux hotfix plugs security hole
Skype has issued a hotfix release for its popular closed source VoIP, video and text chat software for Linux, nearly one year after the last update arrived. The new version of Skype for Linux, labelled 18.104.22.168, is a minor update that includes an upgraded version of the libpng PNG reference library, which closes a security hole.
While specific details are not provided by Skype, this is likely to be the same integer overflow vulnerability that prompted Mozilla to release unscheduled updates for the Firefox web browser and the Thunderbird news and email client earlier this year. According to its developers, the security problem only affects the static package of Skype for Linux downloaded directly from the company; other versions such as those supplied by the Ubuntu Software Centre or packaged for particular Linux distributions by Skype are not affected by the issue. Those unaffected versions remain at version 22.214.171.124 and are not vulnerable as they dynamically link with the host operating system's, hopefully patched long ago, libpng library.
More details about the update can be found in the announcement blog post. The static version of Skype for Linux 126.96.36.199 is available to download and runs on various distributions including Ubuntu, Debian and Fedora. While Skype 2.2 was released more than a year ago and has since been updated, the company still considers it to be "beta" software.
- Skype 2.2 Beta for Linux released, a report from The H.