Further information on recent vulnerabilities.
As mentioned in the last blog, we fixed 4 vulnerabilities in Trillian 3.1 with our new 3.1.5.1 release. The links to the specific advisories are below:
- ZDI-CAN-169: Trillian Pro Rendezvous XMPP HTML Decoding Heap Corruption Vulnerability
- iDefense: Trillian Multiple IRC Vulnerabilities
All of these vulnerabilities have been addressed in version 3.1.5.1 and we encourage everyone to upgrade to the latest version. We will be rolling out an auto-update for our existing customers shortly.
Special thanks to both the ZDI and iDefense teams for their assistance in reporting and resolving these issues; we’ve worked with a handful of vulnerability research firms in the past, and I can happily say that these folks are both top-notch researchers and extremely professional. We look forward to continuing our relationship with them both to ensure we bring you the most secure and error-free software possible!
May 2nd, 2007 at 4:45 pm
Well, I’m using the Astra alpha as the native Trillian… er – maybe I should update the old one anyway… I hope the problem’s gone with the Alpha-PlugIns!
May 2nd, 2007 at 4:55 pm
It’s great that you guys made this update, but you need to make it so that “Check for Updates” in 3.1 alerts users to its presence. Currently it does not.
May 2nd, 2007 at 5:16 pm
Good point Hertie … are these vulnerabilities being checked for in Astra now as well hopefully?
May 2nd, 2007 at 6:25 pm
Heh. I just received the Full Disclosure email on this. Good job, Cerulean!
May 3rd, 2007 at 11:16 pm
I just installed the update. If you already have Trillian installed, BACKUP YOUR DIRECTORY! The install overwrites all of your files and settings.
May 4th, 2007 at 12:16 am
Which means ZDI and iDefense are using Trillian too!