Skype for Linux Security Fix

Tuesday, May 15, 2012 @ 09:05 AM gHale


Skype issued a security release for its closed source VoIP, video and text chat software for Linux, nearly one year after the last update arrived.

The new version of Skype for Linux, 2.2.0.99, is a minor update that includes an upgraded version of the libpng PNG reference library, which closes a security hole.

RELATED STORIES
Skype Alert: Tool can ID IP Address
Top HTTPS Websites Insecure
Hackers Find Global XSS Flaws
XSS Flaw in Skype Shop

While specific details are not immediately available from Skype, this is likely to be the same integer overflow vulnerability that forced Mozilla to release unscheduled updates for the Firefox web browser and the Thunderbird news and email client earlier this year.

The security problem only affects the static package of Skype for Linux downloaded directly from the company; other versions such as those supplied by the Ubuntu Software Centre or packaged for particular Linux distributions by Skype do not suffer from the issue, its developers said. Those unaffected versions remain at version 2.2.0.35 and are not vulnerable as they dynamically link with the host operating system’s libpng library.

More details about the update are in the announcement blog post. The static version of Skype for Linux 2.2.0.99 is available to download and runs on various distributions including Ubuntu, Debian and Fedora. While Skype 2.2 released more than a year ago and has since updated, the company still considers it to be “beta” software.



Leave a Reply

You must be logged in to post a comment.