[Secure-testing-team] Bug#817799: libotr5: Exploitable integer overflow vulnerability (CVE-2016-2851)

Michail Bachmann m.bachmann at cms.hu-berlin.de
Thu Mar 10 13:49:20 UTC 2016


Package: libotr5
Version: 4.1.0-7
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

The libotr versions prior to 4.1.1 contain an integer overflow vulnerability.
This can cause a buffer overflow that could lead to code execution. The
vulnerability has been assigned CVE-2016-2851.

You can find more information here:

https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/

Sincerely,

Michail Bachmann



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (300, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 4.4.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libotr5 depends on:
ii  libc6        2.22-2
ii  libgcrypt20  1.6.5-2

libotr5 recommends no packages.

Versions of packages libotr5 suggests:
pn  libotr5-bin  <none>

-- no debconf information


