ALT-BU-2016-2635-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-2851
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
- openSUSE-SU-2016:0708
- openSUSE-SU-2016:0708
- openSUSE-SU-2016:0732
- openSUSE-SU-2016:0732
- 20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"
- 20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"
- DSA-3512
- DSA-3512
- 20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"
- 20160309 Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"
- 84285
- 84285
- USN-2926-1
- USN-2926-1
- [OTR-users] 20160309 Security Advisory: upgrade to libotr 4.1.1
- [OTR-users] 20160309 Security Advisory: upgrade to libotr 4.1.1
- GLSA-201701-10
- GLSA-201701-10
- 39550
- 39550
- https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/
- https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/
Package pidgin-otr updated to version 4.0.2-alt1 for branch sisyphus in task 161130.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-8833
Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item.
- SUSE-SU-2016:0912
- SUSE-SU-2016:0912
- openSUSE-SU-2016:0878
- openSUSE-SU-2016:0878
- DSA-3528
- DSA-3528
- [oss-security] 20160309 Re: Heap use after free in Pidgin-OTR plugin
- [oss-security] 20160309 Re: Heap use after free in Pidgin-OTR plugin
- [oss-security] 20160309 Heap use after free in Pidgin-OTR plugin
- [oss-security] 20160309 Heap use after free in Pidgin-OTR plugin
- 84295
- 84295
- https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin-CVE-2015-8833.html
- https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin-CVE-2015-8833.html
- https://bugs.otr.im/issues/128
- https://bugs.otr.im/issues/128
- https://bugs.otr.im/issues/88
- https://bugs.otr.im/issues/88
- https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94
- https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94
- [OTR-users] 20160309 New releases of libotr (4.1.1) and pidgin-otr (4.0.2) available
- [OTR-users] 20160309 New releases of libotr (4.1.1) and pidgin-otr (4.0.2) available
- GLSA-201701-10
- GLSA-201701-10
Package firefox-esr updated to version 38.7.0-alt1 for branch sisyphus in task 161102.
Closed vulnerabilities
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
Closed bugs
lib.req doesn't give deps with the new ldd --list patch