Debian Security Advisory
DSA-3620-1 pidgin -- security update
- Date Reported: 15 Jul 2016
- Affected Packages: pidgin
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2016-2365, CVE-2016-2366, CVE-2016-2367, CVE-2016-2368, CVE-2016-2369, CVE-2016-2370, CVE-2016-2371, CVE-2016-2372, CVE-2016-2373, CVE-2016-2374, CVE-2016-2375, CVE-2016-2376, CVE-2016-2377, CVE-2016-2378, CVE-2016-2380, CVE-2016-4323.
- More information:
Yves Younan of Cisco Talos discovered several vulnerabilities in the MXit protocol support in pidgin, a multi-protocol instant messaging client. A remote attacker can take advantage of these flaws to cause a denial of service (application crash), overwrite files, disclose information, or potentially execute arbitrary code.
For the stable distribution (jessie), these problems have been fixed in version 2.11.0-0+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 2.11.0-1.
For the unstable distribution (sid), these problems have been fixed in version 2.11.0-1.
We recommend that you upgrade your pidgin packages.