Pidgin is considered to be a fairly safe application and it’s not really open to vulnerabilities, but it seems that is not above reproach.
According to the security notice, “It was discovered that Pidgin incorrectly handled certain messages from Gadu-Gadu file relay servers. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.”
For a more detailed description of the problems, you can see Canonical’s security notification. As usual, if you are using this package, you should consider upgrading as soon as possible.
The flaws can be fixed if you upgrade your system(s) to the latest pidgin and libpurple0, and dovecot-imapd packages specific to each distribution. To apply the patch, run the Update Manager application.
If you don’t want to use the Software Updater, you can do this from a terminal. Open a terminal and enter the following commands:
sudo apt-get update
sudo apt-get dist-upgrade
In general, a standard system update will make all the necessary changes. In order to plug the vulnerability, you need to also restart Pidgin.
Latest posts by William Fieldhouse (see all)
- A John McAfee-Backed ICO Exposed Thousands of Peoples Documents Due to Security Blunder - April 26, 2018
- Latest Hacking News Podcast #13 - April 17, 2018
- Latest Hacking News Podcast #12 - April 16, 2018