Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Ubuntu 12.04 LTS USN-2091-1 Critical: libotr Information Leak

Calendar Jan 30, 2014 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory information leak Ubuntu OTR protocol libotr
Applications using the OTR secure chat protocol could be made to exposesensitive information over the network. 
=========================================================================Ubuntu Security Notice USN-2091-1
January 29, 2014

libotr vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Applications using the OTR secure chat protocol could be made to expose
sensitive information over the network.

Software Description:
- libotr: Off-the-Record Messaging library

Details:

This update disables the OTR v1 protocol to prevent protocol downgrade
attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  libotr2                         3.2.0-4ubuntu0.2

After a standard system update you need to restart OTR applications to
make all the necessary changes.

References:
  
  https://bugs.launchpad.net/ubuntu/+source/libotr/+bug/1266016

Package Information:
  https://launchpad.net/ubuntu/+source/libotr/3.2.0-4ubuntu0.2

Ubuntu 12.04 LTS USN-2091-1 Critical: libotr Information Leak

ubuntu
Calendar Grey January 30, 2014
Dist Ubuntu Esm H88
Applying security patches for OTR vulnerabilities in Ubuntu 12.04 LTS is essential to protect sensitive data transmitted over networks and reduce risks
Applications using the OTR secure chat protocol could be made to exposesensitive information over the network.

Summary

Topics%20covered

Topics Covered

security advisory information leak Ubuntu OTR protocol libotr

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libotr2 3.2.0-4ubuntu0.2 After a standard system update you need to restart OTR applications to make all the necessary changes.

References

https://bugs.launchpad.net/ubuntu/+source/libotr/+bug/1266016

Severity
critical
Lowest
Low
Medium
High
Critical

January 29, 2014

Topics%20covered

Topics Covered

security advisory information leak Ubuntu OTR protocol libotr

Package Information

https://launchpad.net/ubuntu/+source/libotr/3.2.0-4ubuntu0.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here