Advisories » MGASA-2016-0125

Updated pidgin-otr packages fix security vulnerability

Publication date: 25 Mar 2016
Modification date: 25 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8833

Description

The pidgin-otr plugin before 4.0.2 is vulnerable to a heap use after free
error. The bug is triggered when a user tries to authenticate a buddy and
happens in the function create_smp_dialog (CVE-2015-8833).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17933
• https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html
• http://openwall.com/lists/oss-security/2016/03/09/13
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8833

SRPMS

5/core

• pidgin-otr-4.0.2-1.mga5