*** This bug is a security vulnerability ***

Public security bug reported:

> Multiple heap-based buffer overflow flaws were found in the way the
> Base64 decoder of libotr, an Off-The-Record Messaging library and
> toolkit, performed decoding of certain messages. A remote attacker
> could provide a specially-crafted OTR message that once processed
> in an application linked against libotr would lead to that
> application crash or, potentially, arbitrary code execution with
> the privileges of the user running the application.

http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html

** Affects: libotr (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: libotr (Ubuntu Lucid)
     Importance: Undecided
         Status: New

** Affects: libotr (Ubuntu Natty)
     Importance: Undecided
         Status: New

** Affects: libotr (Ubuntu Oneiric)
     Importance: Undecided
         Status: New

** Affects: libotr (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Affects: libotr (Ubuntu Quantal)
     Importance: Undecided
         Status: Fix Released

** Affects: libotr (Debian)
     Importance: Unknown
         Status: Unknown

** This bug has been flagged as a security vulnerability

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3461

** Bug watch added: Debian Bug tracker #684121
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121

** Also affects: libotr (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121
     Importance: Unknown
         Status: Unknown

** Description changed:

  > Multiple heap-based buffer overflow flaws were found in the way the
  > Base64 decoder of libotr, an Off-The-Record Messaging library and
  > toolkit, performed decoding of certain messages. A remote attacker
  > could provide a specially-crafted OTR message that once processed
  > in an application linked against libotr would lead to that
  > application crash or, potentially, arbitrary code execution with
  > the privileges of the user running the application.
+
+ http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html

** Also affects: libotr (Ubuntu Lucid)
     Importance: Undecided
         Status: New

** Also affects: libotr (Ubuntu Natty)
     Importance: Undecided
         Status: New

** Also affects: libotr (Ubuntu Oneiric)
     Importance: Undecided
         Status: New

** Also affects: libotr (Ubuntu Precise)
     Importance: Undecided
         Status: New

** Also affects: libotr (Ubuntu Quantal)
     Importance: Undecided
         Status: New

** Changed in: libotr (Ubuntu)
         Status: New => Fix Released

--
https://bugs.launchpad.net/bugs/1034623

Title:
  Multiple heap-based buffer overflows