Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201603-6 ======================================== Severity: High Date : 2016-03-09 CVE-ID : CVE-2016-2851 Package : libotr Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package libotr before version 4.1.1-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 4.1.1-1. # pacman -Syu "libotr>=4.1.1-1" The problems has been fixed upstream in version 4.1.1. Workaround ========= None. Description ========== - CVE-2016-2851 (arbitrary code execution) Versions 4.1.0 and earlier of libotr in 64-bit builds contain an integer overflow security flaw. This flaw could potentially be exploited by a remote attacker to cause a heap buffer overflow and subsequently for arbitrary code to be executed on the user's machine. Impact ===== A remote attacker is able to create a payload that is leading to arbitrary code execution. References ========= https://access.redhat.com/security/cve/CVE-2016-2851 https://otr.cypherpunks.ca/