A vulnerability in Pidgin might allow remote attackers to execute arbitrary code.
|Package||net-im/pidgin on all architectures|
|Affected versions||< 2.12.0|
|Unaffected versions||>= 2.12.0|
Pidgin is a GTK Instant Messenger client for a variety of instant messaging protocols.
Joseph Bisch discovered that Pidgin incorrectly handled certain xml messages.
A remote attacker could send a specially crafted instant message, possibly resulting in execution of arbitrary code with the privileges of the Pidgin process.
There is no known workaround at this time.
All Pidgin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.12.0"
June 06, 2017
June 06, 2017: 1