ArchLinux: 201603-14: pidgin-otr: arbitrary code execution
Summary
The pidgin-otr plugin is affected by a heap use-after-free. The bug is triggered when a user tries to authenticate a buddy and occurs in the function create_smp_dialog. This issue can lead to denial of service or possibly remote code execution.
Resolution
Upgrade to 4.0.2-1.
# pacman -Syu "pidgin-otr>=4.0.2-1"
The problem has been fixed upstream in version 4.0.2.
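As an added example, not part of this advisory, a POSIX shell check that reports whether an installed pidgin-otr version string is older than the fixed release 4.0.2-1. The version ordering is a simplified reimplementation of pacman's epoch:pkgver-pkgrel comparison for numeric dot-separated segments (an assumption made here); on an Arch host the `vercmp` utility is the authoritative comparison.

```shell
#!/bin/sh
# Added example (not from the Arch advisory): is the installed pidgin-otr
# older than the fixed package 4.0.2-1?
# Assumption: simplified pacman ordering, numeric dot-separated segments only.

FIXED_VERSION="4.0.2-1"

# cmp_segments A B: echo -1, 0 or 1 for dot-separated numeric strings.
cmp_segments() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah="${a%%.*}"; bh="${b%%.*}"
        [ "$a" = "$ah" ] && a="" || a="${a#*.}"
        [ "$b" = "$bh" ] && b="" || b="${b#*.}"
        ah="${ah:-0}"; bh="${bh:-0}"   # a missing segment counts as 0
        if [ "$ah" -lt "$bh" ]; then echo -1; return; fi
        if [ "$ah" -gt "$bh" ]; then echo 1; return; fi
    done
    echo 0
}

# cmp_pkgversion A B: compare "[epoch:]pkgver[-pkgrel]" strings; echo -1/0/1.
cmp_pkgversion() {
    va="$1"; vb="$2"
    case "$va" in *:*) ea="${va%%:*}"; va="${va#*:}" ;; *) ea=0 ;; esac
    case "$vb" in *:*) eb="${vb%%:*}"; vb="${vb#*:}" ;; *) eb=0 ;; esac
    case "$va" in *-*) ra="${va##*-}"; va="${va%-*}" ;; *) ra="" ;; esac
    case "$vb" in *-*) rb="${vb##*-}"; vb="${vb%-*}" ;; *) rb="" ;; esac
    r=$(cmp_segments "$ea" "$eb"); [ "$r" = 0 ] || { echo "$r"; return; }
    r=$(cmp_segments "$va" "$vb"); [ "$r" = 0 ] || { echo "$r"; return; }
    # Like pacman, ignore pkgrel when either side omits it.
    if [ -n "$ra" ] && [ -n "$rb" ]; then cmp_segments "$ra" "$rb"; else echo 0; fi
}

# needs_upgrade INSTALLED: succeed (exit 0) when INSTALLED predates the fix.
needs_upgrade() {
    [ "$(cmp_pkgversion "$1" "$FIXED_VERSION")" -lt 0 ]
}

# On an Arch host, `pacman -Q pidgin-otr` prints "pidgin-otr <version>":
#   installed=$(pacman -Q pidgin-otr 2>/dev/null | awk '{print $2}')
#   needs_upgrade "$installed" && echo "pidgin-otr $installed predates the fix for CVE-2015-8833"
```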
References
https://access.redhat.com/security/cve/CVE-2015-8833
https://seclists.org/oss-sec/2016/q1/572
https://bugs.archlinux.org/task/48537
Workaround
None.