Thursday, May 17, 2012

Security Vulnerability in Pidgin-OTR

UPGRADE TO 3.2.1!

Versions 3.2.0 and earlier of the pidgin-otr plugin contain a security flaw.
This flaw could potentially be exploited by a remote attacker to cause arbitrary code to be executed on the user's machine.

The flaw is in pidgin-otr, not in libotr.

Other applications which use libotr are not affected.

The recommended course of action is to upgrade pidgin-otr to version 3.2.1 immediately.

The new version can be obtained here:
http://otr.cypherpunks.ca/binaries/windows/pidgin-otr-3.2.1-1.exe

Full Disclosure:
http://lists.cypherpunks.ca/pipermail/otr-announce/2012-May/000026.html