Mageia alert MGASA-2012-0140 (pidgin-otr) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0140: libotr-3.2.0-5.1.mga,
 pidgin-otr-3.2.0-3.1.mga (1,2/core) 
Date:
    	       Mon, 9 Jul 2012 15:43:45 +0200
Message-ID:
    	       <20120709134345.GA1235@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2012-0140
Date: 	July 9th, 2012
Affected releases: 	1, 2


Description:
Updated pidgin-otr package fixes security vulnerability:

Format string vulnerability in the log_message_cb function in
otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin
before 3.2.1 for Pidgin might allow remote attackers to execute
arbitrary code via format string specifiers in data that generates
a log message (CVE-2012-2369).

libotr has also been updated to remove the .la file from the -devel
package, so that pidgin-otr will build correctly.


Updated Packages:
Mageia 1:
pidgin-otr-3.2.0-3.1.mga1
lib(64)otr2-3.2.0-5.1.mga1
lib(64)otr-devel-3.2.0-5.1.mga1
libotr-utils-3.2.0-5.1.mga1

Mageia 2:
pidgin-otr-3.2.0-3.1.mga2
lib(64)otr2-3.2.0-5.1.mga2
lib(64)otr-devel-3.2.0-5.1.mga2
libotr-utils-3.2.0-5.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2369
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=6007
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)