Advisories » MGASA-2016-0117

Updated libotr packages fix security vulnerability

Publication date: 25 Mar 2016
Modification date: 25 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2851

Description

A remote attacker may crash or execute arbitrary code in libotr before
4.1.1 by sending large OTR messages. While processing specially crafted
messages, attacker controlled data on the heap is written out of bounds
(CVE-2016-2851).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17927
• https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2851

SRPMS

5/core

• libotr-4.1.1-1.mga5