Joined: 12 May 2004
|Posted: Tue Jul 11, 2017 7:26 am Post subject: [ GLSA 201706-10 ] Pidgin
|Gentoo Linux Security Advisory
Title: Pidgin: Arbitrary code execution (GLSA 201706-10)
A vulnerability in Pidgin might allow remote attackers to execute
Pidgin is a GTK Instant Messenger client for a variety of instant
Vulnerable: < 2.12.0
Unaffected: >= 2.12.0
Architectures: All supported architectures
Joseph Bisch discovered that Pidgin incorrectly handled certain xml
A remote attacker could send a specially crafted instant message,
possibly resulting in execution of arbitrary code with the privileges of
the Pidgin process.
There is no known workaround at this time.
All Pidgin users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/pidgin-2.12.0"