Package name: libotr
Date: 2013-04-10
Advisory ID: MDVSA-2013:097
Affected versions: MBS1 x86_64

Problem description

A vulnerability was found and corrected in libotr:

Just Ferguson discovered that libotr, an off-the-record (OTR) messaging
library, can be forced to perform zero-length allocations for heap
buffers that are used in base64 decoding routines. An attacker can
exploit this flaw by sending crafted messages to an application that
uses libotr, causing a denial of service or potentially executing
arbitrary code (CVE-2012-3461).

The updated packages have been patched to correct this issue.
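
The following C code is an added illustration of the bug class described above; it is not libotr's code or the vendor patch. It assumes (the advisory does not say) that the zero-length buffer comes from a size calculation that rounds down for short input, and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
/* Rounds down: 0 for len < 4, so malloc(0) precedes a decode that writes. */
static size_t size_rounded_down(size_t len) { return len / 4 * 3; }
/* Rounds up to whole 4-character groups: never smaller than the output. */
static size_t size_rounded_up(size_t len) { return (len + 3) / 4 * 3; }

static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Every write is checked against cap; returns bytes written, or -1. */
static long decode_bounded(unsigned char *out, size_t cap, const char *in, size_t len) {
    size_t n = 0, i;
    unsigned acc = 0;
    int bits = 0, v;
    for (i = 0; i < len && in[i] != '='; i++) {
        if ((v = b64_val((unsigned char)in[i])) < 0) return -1;
        acc = (acc << 6) | (unsigned)v;
        if ((bits += 6) >= 8) {
            if (n >= cap) return -1;          /* would overflow: stop */
            bits -= 8;
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (long)n;
}

/* Rejects empty or oversized input rather than allocating 0 bytes; caller frees *out. */
static long decode_alloc(const char *in, size_t len, unsigned char **out) {
    size_t cap;
    long n;
    *out = NULL;
    if (len == 0 || len > (size_t)-1 - 3) return -1;
    cap = size_rounded_up(len);
    if ((*out = malloc(cap)) == NULL) return -1;
    if ((n = decode_bounded(*out, cap, in, len)) < 0) { free(*out); *out = NULL; }
    return n;
}

int main(void) {
    unsigned char *p;
    long n = decode_alloc("QUI", 3, &p);   /* constructed input: "AB", unpadded */
    printf("down=%zu up=%zu decoded=%ld\n", size_rounded_down(3), size_rounded_up(3), n);
    free(p);
    return 0;
}
```
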

Updated packages

MBS1 x86_64

 d2d74c963e8d28f640a73a1fd2250880  mbs1/x86_64/lib64otr2-3.2.0-6.1.mbs1.x86_64.rpm
 02ba68747b2e3e7d5ba656a5b568ba2a  mbs1/x86_64/lib64otr-devel-3.2.0-6.1.mbs1.x86_64.rpm
 67bd7de29c7138e79c475898a58ccd98  mbs1/x86_64/libotr-utils-3.2.0-6.1.mbs1.x86_64.rpm 
 c429f649c06662ae2067945e1097c414  mbs1/SRPMS/libotr-3.2.0-6.1.mbs1.src.rpm

References