Posted: Wed Feb 26, 2014 3:26 pm Post subject: [ GLSA 201402-27 ] pidgin-knotify: Arbitrary code execution
Gentoo Linux Security Advisory
Title: pidgin-knotify: Arbitrary code execution (GLSA 201402-27)
Date: February 26, 2014
A vulnerability in pidgin-knotify might allow remote attackers to
execute arbitrary code.
pidgin-knotify is a Pidgin plug-in to display message notifications in
Vulnerable: <= 0.2.1
Architectures: All supported architectures
pidgin-knotify does not properly sanitize shell metacharacters from
A remote attacker could send a specially crafted instant message,
possibly resulting in execution of arbitrary code with the privileges of
the Pidgin process.
There is no known workaround at this time.
Gentoo has discontinued support for pidgin-knotify. We recommend that
users unmerge pidgin-knotify:
# emerge --unmerge "x11-plugins/pidgin-knotify"
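
The failure mode the advisory describes, as an added illustration (not pidgin-knotify's code and not part of the advisory): it contrasts pasting message text into a shell command line with passing it as a single argv element. The function names, the sample message and the use of echo/printf as stand-ins for a notifier command are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample message; the substitution only emits a marker word. */
static const char SAMPLE_MSG[] = "hi $(echo MARKER)";

/* Unsafe pattern: message text pasted into a shell command line.
 * Returns 1 if the shell rewrote the message instead of echoing it. */
int shell_expands_message(const char *msg) {
    char cmd[512], out[512] = "";
    snprintf(cmd, sizeof cmd, "echo \"%s\"", msg);
    FILE *p = popen(cmd, "r");            /* runs /bin/sh -c cmd */
    if (!p) return -1;
    if (!fgets(out, sizeof out, p)) out[0] = '\0';
    pclose(p);
    out[strcspn(out, "\n")] = '\0';
    return strcmp(out, msg) != 0;
}

/* Hardened pattern: no shell, the message is a single argv element.
 * Returns 1 if the child received the message byte for byte. */
int argv_preserves_message(const char *msg) {
    int fd[2];
    char out[512] = "";
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                        /* child: stdout -> pipe */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        execlp("printf", "printf", "%s", msg, (char *)NULL);
        _exit(127);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], out, sizeof out - 1);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    out[n < 0 ? 0 : n] = '\0';             /* read error leaves out empty */
    return strcmp(out, msg) == 0;
}

int main(void) {
    printf("shell rewrote message: %d\n", shell_expands_message(SAMPLE_MSG));
    printf("argv kept message:     %d\n", argv_preserves_message(SAMPLE_MSG));
    return 0;
}
```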