Sign in / up

back to article Emoticons blast three security holes in Pidgin :-(

Cisco researchers have reported a trio of vulnerabilities in popular instant messaging client Pidgin that allow for denial of service by way of emoticon abuse and remote arbitrary file creation. Researchers Yves Younan and Richard Johnson say the flaws have since been quietly patched, but rated a maximum CVSS score of 6.4 but …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. tony2heads

    Novell Groupwise

    Always brings back bad memories. Please avoid mentioning them

    5 0 Reply
    1. Chicken Marengo
      Reply Icon
      Facepalm

      Re: Novell Groupwise

      >>Always brings back bad memories. Please avoid mentioning them

      Agreed, I read those two words and shuddered a little.

      At least no one mentioned Lotus Notes...

      2 0 Reply
      1. flokie
        Reply Icon
        Devil

        Re: Novell Groupwise

        Pidgin also supports Lotus Sametime. HTH.

        0 0 Reply
      2. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Novell Groupwise

        > At least no one mentioned Lotus Notes...

        AARRRGGGHHHH!!!!!

        2 0 Reply
        1. ecofeco Silver badge
          Reply Icon

          Re: Novell Groupwise

          "> At least no one mentioned Lotus Notes..."

          Thanks. Thanks a lot.

          >former Notes support

          (nfixup nupdall -r ncompact -c Stop me when you've had enough.)

          1 0 Reply
    2. Yugguy
      Reply Icon

      Re: Novell Groupwise

      Now Banyan Vines - that WAS cool. LDAP way before Craptive Directory.

      1 0 Reply
  2. Paul Crawford Silver badge

    I have Pidgin installed on my Linux box at home, but honestly never use it. Those I used to IM with now use Facebook's chat, which I don't like, and the rest just seem to have vanished with MSN closing.

    How many folk still use this?

    0 0 Reply
    1. Gene Cash Silver badge
      Reply Icon

      I use it at work because it's easy to set up a local jabber server, and the client runs on anything, so the mac/linux folk don't feel left out for a change.

      It also does AOL and a couple other protocols that friends outside work use. I don't use Facebook either.

      1 0 Reply
    2. Semaj
      Reply Icon

      I use it all the time. Though many of the people I want to chat to seem to be moving onto Skype. And anyone under 25 seems to be on KiK. What's with the weird proprietary ones being popular?

      You can use Pidgin to talk to Facebook friends though (well, until quite recently anyway, not sure about now). The added bonus being not having to look at stupid Facebook.

      0 0 Reply
  3. Anonymous Coward
    Anonymous Coward

    Not so silently patched!

    Guess the author didn't bother to look at the news section of the pidgin site

    http://pidgin.im/news/security/

    If they had been subscribed to pidgin mailing list then they would have got a security advisory on the 22/10/2014 informing them of the important security advisory for all users.

    1 0 Reply
  4. Anonymous Coward
    Anonymous Coward

    Downloading binary to run is always a bad idea

    Just ripe for picking (whereas Unix systems, such as Mac OS, and Linux have on-board tar).

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like