Multiple vulnerabilities have been discovered in Pidgin, leading to the remote execution of arbitrary code, unauthorized information disclosure, or Denial of Service.
|Package||net-im/pidgin on all architectures|
|Affected versions||< 2.5.9-r1|
|Unaffected versions||>= 2.5.9-r1|
Pidgin is a client for a variety of instant messaging protocols.
Multiple vulnerabilities were found in Pidgin:
A remote attacker could send specially crafted SLP (via MSN) or ICQ web messages, possibly leading to execution of arbitrary code with the privileges of the user running Pidgin, unauthorized information disclosure, or a Denial of Service.
There is no known workaround at this time.
All Pidgin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.5.9-r1"