Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Slackware 14.x: 2022-120-01 Critical: Pidgin DNS Spoofing Risk

slackware
Calendar Grey April 30, 2022
Dist Slackware Esm H88
Fresh updates for the Pidgin application have been launched in Slackware, targeting a serious security vulnerability that allows for DNS spoofing attacks.
New pidgin packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/pidgin-2.14.9-i586-1_slack15.0.txz: Upgraded. Mitigate the potential for a man in the middle attack via DNS spoofing by removing the code that supported the _xmppconnect DNS TXT record. For more information, see: https://www.pidgin.im/about/security/advisories/cve-2022-26491/ https://www.cve.org/CVERecord?id=CVE-2022-26491 (* Security fix *)

Topics%20covered

Topics Covered

security advisory critical update slackware dns spoofing pidgin fix

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/pidgin-2.12.0-i486-2_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/pidgin-2.12.0-x86_64-2_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/pidgin-2.12.0-i486-2_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/pidgin-2.12.0-x86_64-2_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/pidgin-2.12.0-i586-2_slack14.2.txz
Updated package for Slackw...

Read the Full Advisory

MD5 Signatures

Slackware 14.0 package: c59bd678d1b199c036c8bfb75ca399c8 pidgin-2.12.0-i486-2_slack14.0.txz
Slackware x86_64 14.0 package: 887fb4057696463926ad58474285f07f pidgin-2.12.0-x86_64-2_slack14.0.txz
Slackware 14.1 package: e9cb93c85f98bfa880ec67c54af6ed6c pidgin-2.12.0-i486-2_slack14.1.txz
Slackware x86_64 14.1 package: 86adbb2303e88642f1bd1b5707a7ddb8 pidgin-2.12.0-x86_64-2_slack14.1.txz
Slackware 14.2 package: 96c6521a1c4a6a81c0d5ddd72022830d pidgin-2.12.0-i586-2_slack14.2.txz
Slackware x86_64 14.2 package: 1b62360e3f9eda72af5c7f3991284ebf pidgin-2.12.0-x86_64-2_slack14.2.txz
Slackware 15.0 package: ed238ac913f686097290072f2a01754d pidgin-2.14.9-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 63d4388542216a12f3a90614484295fb pidgin-2.14.9-x86_64-1_slack15.0.txz
Slackware -current package: 769364f2537c93b74ea039228521d8a6 xap/pidgin-2.14.9-i586-1.txz
Slackware x86_64 -current package: ec5431b3a2068a05bd6cbd0426e816a0 xap/pidgin-2.14.9-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory critical update slackware dns spoofing pidgin fix

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg pidgin-2.14.9-i586-1_slack15.0.txz

Related News

Your message here