[Pidgin] #6465: SECURITY: SILC users are vulnerable to remote code execution

Pidgin trac at pidgin.im
Wed Jul 30 15:16:26 EDT 2008


#6465: SECURITY: SILC users are vulnerable to remote code execution
-------------------+--------------------------------------------------------
Reporter:  dguido  |       Owner:  elb                                                               
    Type:  defect  |      Status:  new                                                               
Priority:  minor   |   Component:  SILC                                                              
 Version:  2.4.3   |    Keywords:  security, buffer overflow, hacking, code execution, critical, silc
 Pending:  0       |  
-------------------+--------------------------------------------------------
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1227
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1552

 Pidgin 2.4.3 is built with a vulnerable version of the SILC Toolkit which
 is affected by the above two, and potentially more, vulnerabilities. The
 above vulnerabilities will allow remote code execution on an up-to-date
 Pidgin installation connected to any SILC network. On Windows, Pidgin
 2.4.3 is built with SILC Toolkit v1.1.2 (released 04-Jul-2007).

 The SILC Project released news as early as 09-Sep-2007 that v1.1.3 was out
 and that it fixed many security bugs:
 "Sep 9, 2007
 SILC Toolkit 1.1.3 is out! This maintenance release fixes many security
 bugs. Upgrading is recommended."
 Ref: http://silcnet.org/general/news/news_toolkit.php

 These bugs should be considered critical, as I cannot imagine a worse
 vulnerability for an IM client. Please package version 1.1.7 of the SILC
 Toolkit and release a new build of Pidgin as soon as possible.

 SILC Toolkit v1.1.7:
 http://www.silcnet.org/general/news/?item=toolkit_20080320_1

-- 
Ticket URL: <http://developer.pidgin.im/ticket/6465>
Pidgin <http://pidgin.im>