Thursday, August 20, 2009

Security Update: Pidgin

As i said yesterday, Pidgin 2.5.8 has a security problem and it's fixed in 2.5.9, so today, Slackware-current released one security update for pidgin.

Here's the changelog:
Wed Aug 19 16:02:54 CDT 2009
xap/pidgin-2.5.9-i486-1.txz: Upgraded.
This update fixes a bug in Pidgin's MSN protocol implementation can allow a remote attacker to send a malicious MSN message to a Pidgin user, which will possibly cause arbitrary code to be executed as that user.
This issue was discovered by Federico Muttis of Core Security Technologies.
For more information, see:
http://www.coresecurity.com/content/libpurple-arbitrary-write
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694
(* Security fix *)