Canonical Fixes Pidgin Vulnerability In Ubuntu 13.10 And Ubuntu 12.04 LTS

Canonical yesterday released details about a Pidgin glitch in its operating systems Ubuntu 13.10 and Ubuntu 12.04 LTS, also releasing the details of fixing this vulnerability.

“It was discovered that Pidgin incorrectly handled certain messages from Gadu-Gadu file relay servers. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.” adds the security notice, “The problem can be corrected by updating your system to the following package version:
Ubuntu 14.04 LTS:
libpurple0 1:2.10.9-0ubuntu3.1
Ubuntu 13.10:
libpurple0 1:2.10.7-0ubuntu4.
Ubuntu 12.04 LTS:
libpurple0 1:2.10.3-0ubuntu1.5
 Image Courtesy:
If you need assistance in updating your system, follow the instructions mentioned in the Ubuntu wiki. Restart Pidgin after the standard system update to be able to make the necessary changes.

As described in the notice, pidgin is a "graphical multi-protocol instant messaging client for X" and it could be made to run programs or crash upon receiving network traffic, specially crafted for the purpose, hence consider updating your systems sooner to be safe.

Build smarter apps with Machine Learning, Bots, Cognitive Services - Start free.

Start Learning Now