Mandriva Update For Libotr MDVSA-2012:131 (libotr) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was found and corrected in libotr: Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code (CVE-2012-3461). The updated packages have been patched to correct this issue.

Affected

libotr on Mandriva Linux 2011.0

Severity

Classification

CVE CVE-2012-3461

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:120 (openssl)
Mandrake Security Advisory MDVSA-2009:130 (gstreamer0.10-plugins-good)
Mandrake Security Advisory MDVSA-2009:124 (apache)
Mandrake Security Advisory MDVSA-2009:193 (ruby)
Mandrake Security Advisory MDVSA-2009:177 (ruby)

Mandriva Update for libotr MDVSA-2012:131 (libotr)

Take action and discover your vulnerabilities