Description
Security update for libotr
This update for libotr fixes the following issue:
- Apply 'libotr-CVE-2016-2851.patch' to fix integer overflows that used to occur on 64-bit architectures when receiving 4GB messages. This flaw could potentially have been exploited by an attacker to remotely execute arbitrary code on the user's machine (CVE-2016-2851, bsc#969785).
Package list
SUSE Linux Enterprise Desktop 12
libotr5-4.0.0-9.1
SUSE Linux Enterprise Desktop 12 SP1
libotr5-4.0.0-9.1
SUSE Linux Enterprise Server 12
libotr5-4.0.0-9.1
SUSE Linux Enterprise Server 12 SP1
libotr5-4.0.0-9.1
SUSE Linux Enterprise Server for SAP Applications 12
libotr5-4.0.0-9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libotr5-4.0.0-9.1
SUSE Linux Enterprise Software Development Kit 12
libotr-devel-4.0.0-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libotr-devel-4.0.0-9.1
References
- Link for SUSE-SU-2016:0707-1
- E-Mail link for SUSE-SU-2016:0707-1
- SUSE Security Ratings
- SUSE Bug 969785
- SUSE CVE CVE-2016-2851 page
Description
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
Affected products
SUSE Linux Enterprise Desktop 12 SP1:libotr5-4.0.0-9.1
SUSE Linux Enterprise Desktop 12:libotr5-4.0.0-9.1
SUSE Linux Enterprise Server 12 SP1:libotr5-4.0.0-9.1
SUSE Linux Enterprise Server 12:libotr5-4.0.0-9.1
References
- CVE-2016-2851
- SUSE Bug 969785