Version 2.10.0 of Pidgin is now available to download. This latest maintenance and security update includes a number of bug fixes and addresses three vulnerabilities in the open source instant messenger (IM) application.
A bug in the libpurple library, used by Pidgin and other IM clients such as Adium and Meebo, that could lead Pidgin to crash on some operating systems has been fixed. According to the developers, the problem concerned certain characters in IRC user nicknames that could lead to a null pointer problem in the IRC protocol plugin. Clients based on version 2.8.0 through 2.9.0 libpurple are affected.
The update also fixes a problem in the MSN protocol plugin that could cause the application to try to access memory that it should not. The developers note that the vulnerability only affects users that enable the HTTP connection method, which is disabled by default, and that they “believe remote code execution is not possible”.
In the Windows builds, when users click on a file:// URI received in an IM, previous versions of Pidgin would attempt to execute the file. This could be dangerous if, for example, it led to a malicious file on a network share. Instead, the new version now opens a file browser at the file’s location.
Further information about the update, including a full list of bug fixes, can be found in the change log. Pidgin 2.10.0 is available to download for Windows, Mac OS X and Linux; as Ubuntu ships with Pidgin, but does not typically update it after a release, users should refer to the Ubuntu specific install page on the Pidgin site to install it on Ubuntu. Hosted on SourceForge, Pidgin is licensed under the GNU General Public Licence (GPL).
Source The H Open Source
Most Popular Tech Stories
- Claude AI’s Artifacts feature goes free for all users
- Kraken’s Bullish News To Fuel Meme Coin Rally – Is Pepe Unchained The Next Crypto to Explode?
- ADAM, the robot bartender, now serving baseball fans at Texas Rangers’ stadium
- Shiba Shootout Surges to $1M in Presale – Is It the Next Big Crypto for September?
- FlightAware data leak – you thought you were tracking planes, but now somebody could be tracking you – what you need to know
Latest News
PS6 will be backwards compatible thanks to AMD chip, it's claimed
Sony has only just fully unveiled the PS5 Pro, showcasing the power of a mid-generation upgrade, but we’ve now got some juicy details on the next hardware iteration - the...