Pidgin 2.7.4 closes DoS vulnerability
The Pidgin development team has released version 2.7.4 of its open source instant messenger application. According to the developers, this maintenance and security update addresses a medium-risk vulnerability (CVE-2010-3711) in the libpurple library used by Pidgin and other instant messaging clients, including Adium and Meebo, that could lead due to a remote denial-of-service (DoS) attack.
Pidgin 2.7.4 closes more than 20 bugs and adds support for new drop-down account options, such as the ILC cipher and HMAC options, a new plug-in action menu under Tools for the Voice and Video Settings plug-in and improvements for Yahoo file transfers under some scenarios. Other changes include three new Root Certificate Authorities (CA), support for the Gadu-Gadu protocol in the gevolution plug-in and updates to Bonjour, which now requires version 2.0.0 or later of Apple's Bonjour Print Services. The developers also note that, due to the security issue, some translation updates that were submitted on Wednesday did not make it into the release.
Further information about the update can be found in the change log. Pidgin 2.7.4 is available to download for Windows, Mac OS X and RHEL based Linux distributions from the project's site. As Ubuntu ships with Pidgin, but does not typically update it after a release, it is necessary to refer to the Ubuntu specific install page on the Pidgin site to install 2.7.4 on Ubuntu. Pidgin is released under the GNU General Public License (GPL).
- Pidgin 2.7.4 released!, mailing list announcement.