Advisories » MGASA-2014-0074

Updated libgadu packages fix security vulnerability

Publication date: 16 Feb 2014
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-6487

Description

A malicious server or man-in-the-middle could send a large value for
Content-Length and cause an integer overflow which could lead to a buffer
overflow in Gadu-Gadu HTTP parsing (CVE-2013-6487).
                

References

• http://libgadu.net/releases/1.11.3.html
• http://www.debian.org/security/2014/dsa-2852
• https://bugs.mageia.org/show_bug.cgi?id=12709
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487

SRPMS

3/core

• libgadu-1.11.3-1.mga3

4/core

• libgadu-1.11.3-1.mga4