Skype issued a security release for its closed source VoIP, video and text chat software for Linux, nearly one year after the last update arrived.
The new version of Skype for Linux, 22.214.171.124, is a minor update that includes an upgraded version of the libpng PNG reference library, which closes a security hole.
While specific details are not immediately available from Skype, this is likely to be the same integer overflow vulnerability that forced Mozilla to release unscheduled updates for the Firefox web browser and the Thunderbird news and email client earlier this year.
The security problem only affects the static package of Skype for Linux downloaded directly from the company; other versions such as those supplied by the Ubuntu Software Centre or packaged for particular Linux distributions by Skype do not suffer from the issue, its developers said. Those unaffected versions remain at version 126.96.36.199 and are not vulnerable as they dynamically link with the host operating system’s libpng library.
More details about the update are in the announcement blog post. The static version of Skype for Linux 188.8.131.52 is available to download and runs on various distributions including Ubuntu, Debian and Fedora. While Skype 2.2 released more than a year ago and has since updated, the company still considers it to be “beta” software.