Emoticons blast three security holes in Pidgin :-(

Cisco researchers have reported a trio of vulnerabilities in popular instant messaging client Pidgin that allow for denial of service by way of emoticon abuse and remote arbitrary file creation. Researchers Yves Younan and Richard Johnson say the flaws have since been quietly patched, but rated a maximum CVSS score of 6.4 but …

  1. tony2heads

    Novell Groupwise

    Always brings back bad memories. Please avoid mentioning them

    1. Chicken Marengo

      Re: Novell Groupwise

      >>Always brings back bad memories. Please avoid mentioning them

      Agreed, I read those two words and shuddered a little.

      At least no one mentioned Lotus Notes...

      1. flokie

        Re: Novell Groupwise

        Pidgin also supports Lotus Sametime. HTH.

      2. Anonymous Coward

        Re: Novell Groupwise

        > At least no one mentioned Lotus Notes...


        1. ecofeco Silver badge

          Re: Novell Groupwise

          "> At least no one mentioned Lotus Notes..."

          Thanks. Thanks a lot.

          >former Notes support

          (nfixup nupdall -r ncompact -c Stop me when you've had enough.)

    2. Yugguy

      Re: Novell Groupwise

      Now Banyan Vines - that WAS cool. LDAP way before Craptive Directory.

  2. Paul Crawford Silver badge

    I have Pidgin installed on my Linux box at home, but honestly never use it. Those I used to IM with now use Facebook's chat, which I don't like, and the rest just seem to have vanished with MSN closing.

    How many folk still use this?

    1. Gene Cash Silver badge

      I use it at work because it's easy to set up a local jabber server, and the client runs on anything, so the mac/linux folk don't feel left out for a change.

      It also does AOL and a couple other protocols that friends outside work use. I don't use Facebook either.

    2. Semaj

      I use it all the time. Though many of the people I want to chat to seem to be moving onto Skype. And anyone under 25 seems to be on KiK. What's with the weird proprietary ones being popular?

      You can use Pidgin to talk to Facebook friends though (well, until quite recently anyway, not sure about now). The added bonus being not having to look at stupid Facebook.

  3. Anonymous Coward

    Not so silently patched!

    Guess the author didn't bother to look at the news section of the Pidgin site.

    If they had been subscribed to the Pidgin mailing list then they would have got a security advisory on the 22/10/2014 informing them of the important security advisory for all users.

  4. Anonymous Coward

    Downloading binary to run is always a bad idea

    Just ripe for picking (whereas Unix systems, such as Mac OS, and Linux have on-board tar).

