ArchLinux: 201603-6: libotr: arbitrary code execution
Summary
- CVE-2016-2851 (arbitrary code execution)
Versions 4.1.0 and earlier of libotr in 64-bit builds contain an integer
overflow security flaw. A remote attacker could potentially exploit this
flaw to cause a heap buffer overflow and subsequently execute arbitrary
code on the user's machine.
Resolution
Upgrade to 4.1.1-1.
# pacman -Syu "libotr>=4.1.1-1"
The problem has been fixed upstream in version 4.1.1.
References
https://access.redhat.com/security/cve/CVE-2016-2851
https://otr.cypherpunks.ca/
Workaround
None.