Debian Security Advisory

DSA-3620-1 pidgin -- security update

Date Reported: 15 Jul 2016
Affected Packages: pidgin
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2016-2365, CVE-2016-2366, CVE-2016-2367, CVE-2016-2368, CVE-2016-2369, CVE-2016-2370, CVE-2016-2371, CVE-2016-2372, CVE-2016-2373, CVE-2016-2374, CVE-2016-2375, CVE-2016-2376, CVE-2016-2377, CVE-2016-2378, CVE-2016-2380, CVE-2016-4323.
More information:

Yves Younan of Cisco Talos discovered several vulnerabilities in the MXit protocol support in pidgin, a multi-protocol instant messaging client. A remote attacker can take advantage of these flaws to cause a denial of service (application crash), overwrite files, disclose information, or potentially execute arbitrary code.

For the stable distribution (jessie), these problems have been fixed in version 2.11.0-0+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 2.11.0-1.

For the unstable distribution (sid), these problems have been fixed in version 2.11.0-1.

We recommend that you upgrade your pidgin packages.