Dastardly security bugs in widely used chat app Pidgin have been discovered and patched. You should grab version 2.11 as it fixes the following exploitable information-leaking and buffer overflow programming blunders, all found by Cisco's Talos crew:
- CVE-2016-2365 - Pidgin MXIT Markup Command Denial of Service Vulnerability
- CVE-2016-2366 - Pidgin MXIT Table Command Denial of Service Vulnerability
- CVE-2016-2367 - Pidgin MXIT Avatar Length Memory Disclosure Vulnerability
- CVE-2016-2368 - Pidgin MXIT g_snprintf Multiple Buffer Overflow Vulnerability
- CVE-2016-2369 - Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability
- CVE-2016-2370 - Pidgin MXIT Custom Resource Denial of Service Vulnerability
- CVE-2016-2371 - Pidgin MXIT Extended Profiles Code Execution Vulnerability
- CVE-2016-2372 - Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability
- CVE-2016-2373 - Pidgin MXIT Contact Mood Denial of Service Vulnerability
- CVE-2016-2374 - Pidgin MXIT MultiMX Message Code Execution Vulnerability
- CVE-2016-2375 - Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability
- CVE-2016-2376 - Pidgin MXIT read stage 0x3 Code Execution Vulnerability
- CVE-2016-2377 - Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability
- CVE-2016-2378 - Pidgin MXIT get_utf8_string Code Execution Vulnerability
- CVE-2016-2380 - Pidgin MXIT mxit_convert_markup_tx Information Leak Vulnerability
- CVE-2016-4323 - Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability
File overwriting and remote code execution are never a good thing, unless you're the person trying to hack someone. Patch away. Pidgin is, we're told, used by millions of people. ®