Description
Security update for libotr
This update for libotr fixes the following issues:
- Apply 'libotr-CVE-2016-2851.patch' to fix integer overflows that used to occur on 64-bit architectures when receiving 4GB messages. This flaw could potentially have been exploited by an attacker to remotely execute arbitrary code on the user's machine. (CVE-2016-2851, bsc#969785)
Package list
SUSE Linux Enterprise Desktop 11 SP4
libotr2-3.2.0-10.5.1
SUSE Linux Enterprise Server 11 SP4
libotr2-3.2.0-10.5.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libotr2-3.2.0-10.5.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libotr-devel-3.2.0-10.5.1
References
- Link for SUSE-SU-2016:0706-1
- E-Mail link for SUSE-SU-2016:0706-1
- SUSE Security Ratings
- SUSE Bug 969785
- SUSE CVE CVE-2016-2851 page
Description
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
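The bug class named in the description above, shown as an added illustration; it is not code from libotr's proto.c or from the SUSE patch. The header size, the length cap and both function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 16u                      /* constructed header size, not libotr's */
#define MAX_MSG ((size_t)1 << 20)        /* constructed policy cap for one message */

/* Flawed pattern: a size_t length (64 bits on LP64) is narrowed to 32 bits
 * before the header is added. Near 4 GiB the sum wraps modulo 2^32, so the
 * size handed to the allocator is far smaller than the data copied later,
 * which is how an integer overflow becomes a heap-based buffer overflow. */
uint32_t narrowed_alloc_size(size_t msglen)
{
    uint32_t len32 = (uint32_t)msglen;   /* silent truncation */
    return len32 + HDR_LEN;              /* unsigned wrap-around */
}

/* Hardened pattern: stay in size_t, enforce a cap, and reject any sum that
 * cannot be represented. Returns 0 and sets *out on success, -1 on rejection. */
int checked_alloc_size(size_t msglen, size_t max_msg, size_t *out)
{
    if (msglen > max_msg)
        return -1;                       /* over policy limit */
    if (msglen > SIZE_MAX - HDR_LEN)
        return -1;                       /* msglen + HDR_LEN would wrap */
    *out = msglen + HDR_LEN;
    return 0;
}

int main(void)
{
    size_t big = (size_t)0xFFFFFFF8u;    /* constructed length just under 4 GiB */
    size_t need = 0;

    printf("narrowed size for %zu bytes: %u\n",
           big, (unsigned)narrowed_alloc_size(big));
    printf("checked size for %zu bytes: %s\n", big,
           checked_alloc_size(big, MAX_MSG, &need) == 0 ? "accepted" : "rejected");
    if (checked_alloc_size(1000, MAX_MSG, &need) == 0)
        printf("checked size for 1000 bytes: %zu\n", need);
    return 0;
}
```
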
Affected products
SUSE Linux Enterprise Desktop 11 SP4:libotr2-3.2.0-10.5.1
SUSE Linux Enterprise Server 11 SP4:libotr2-3.2.0-10.5.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:libotr2-3.2.0-10.5.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libotr-devel-3.2.0-10.5.1
References
- CVE-2016-2851
- SUSE Bug 969785