Pidgin 2.10.0 Arrives With Security Flaws Patched
Instant messaging (IM) software Pidgin 2.10.0 has recently been patched with several vulnerability fixes that address 3 security flaws in the open source software, The H Security reported in news published on August 22, 2011.
Of the 3 flaws, the one with the greatest adverse effect is reported to stem from earlier Pidgin versions running files when end-users clicked URLs containing "file://". If abused, this can cause malware execution by getting users to open URLs that lead to files hosted on network shares. However, the flaw affects only Windows computers.
Security researchers say that the issue relates to certain characters in Internet Relay Chat (IRC) user nicknames, which can cause a null pointer problem in the IRC protocol plug-in. Users of libpurple versions 2.8.0 to 2.9.0 can be vulnerable, they warn.
Another patched flaw, which Quality Analyst Djego Ibanez of Gamistry discovered, lets attackers run denial-of-service (DoS) attacks on Pidgin remotely. The flaw Ibanez detected is identified as CVE-2011-2943.
Moreover, the new security update also addresses an issue in the MSN cross-platform plug-in that can result in the software accessing memory it should not. The update's developers note that the flaw affects only end-users who have enabled the HTTP connection method, which is disabled by default. As a result, they believe that remote code execution is not possible.
Pidgin is a cross-platform, open source IM system that uses a GTK+-based front-end together with the libpurple library. It supports the majority of IM protocols and is distributed under the GPL license.
Meanwhile, in similar news, Internet giant Google recently patched eleven security flaws in its popular Chrome Web browser for Windows, Mac, Chrome Frame and Linux machines, fixing a number of vulnerabilities, a few severe enough to leave end-users susceptible to attacks that run malicious code. The company described one of those vulnerabilities as "Critical," a rating that Google rarely assigns.
» SPAMfighter News - 31-08-2011