[Pidgin] #6465: SECURITY: SILC users are vulnerable to remote code execution
Pidgin
trac at pidgin.im
Wed Jul 30 15:16:26 EDT 2008
#6465: SECURITY: SILC users are vulnerable to remote code execution
-------------------+--------------------------------------------------------
Reporter: dguido | Owner: elb
Type: defect | Status: new
Priority: minor | Component: SILC
Version: 2.4.3 | Keywords: security, buffer overflow, hacking, code execution, critical, silc
Pending: 0 |
-------------------+--------------------------------------------------------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1552
Pidgin 2.4.3 is built with a vulnerable version of the SILC Toolkit which
is affected by the above two, and potentially more, vulnerabilities. The
above vulnerabilities will allow remote code execution on an up-to-date
Pidgin installation connected to any SILC network. On Windows, Pidgin
2.4.3 is built with SILC Toolkit v1.1.2 (released 04-Jul-2007).
The SILC Project released news as early as 09-Sep-2007 that v1.1.3 was out
and that it fixed many security bugs:
"Sep 9, 2007
SILC Toolkit 1.1.3 is out! This maintenance release fixes many security
bugs. Upgrading is recommended."
Ref: http://silcnet.org/general/news/news_toolkit.php
These bugs should be considered critical, as I cannot imagine a worse
vulnerability for an IM client. Please package version 1.1.7 of the SILC
Toolkit and release a new build of Pidgin as soon as possible.
SILC Toolkit v1.1.7:
http://www.silcnet.org/general/news/?item=toolkit_20080320_1
--
Ticket URL: <http://developer.pidgin.im/ticket/6465>
Pidgin <http://pidgin.im>