- Nom du paquet
- Advisory ID
- Affected versions
- MBS1 x86_64
A vulnerability was found and corrected in libotr:
Just Ferguson discovered that libotr, an off-the-record (OTR) messaging
library, can be forced to perform zero-length allocations for heap
buffers that are used in base64 decoding routines. An attacker can
exploit this flaw by sending crafted messages to an application that
is using libotr to perform denial of service attacks or potentially
execute arbitrary code (CVE-2012-3461).
The updated packages have been patched to correct this issue.
d2d74c963e8d28f640a73a1fd2250880 mbs1/x86_64/lib64otr2-3.2.0-6.1.mbs1.x86_64.rpm 02ba68747b2e3e7d5ba656a5b568ba2a mbs1/x86_64/lib64otr-devel-3.2.0-6.1.mbs1.x86_64.rpm 67bd7de29c7138e79c475898a58ccd98 mbs1/x86_64/libotr-utils-3.2.0-6.1.mbs1.x86_64.rpm c429f649c06662ae2067945e1097c414 mbs1/SRPMS/libotr-3.2.0-6.1.mbs1.src.rpm