Mandrake Local Security Checks : Mandriva Update for libotr MDVSA-2012:131 (libotr)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831719

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for libotr MDVSA-2012:131 (libotr)

Resumen: The remote host is missing an update for the 'libotr'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'libotr'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability was found and corrected in libotr:

Just Ferguson discovered that libotr, an off-the-record (OTR) messaging
library, can be forced to perform zero-length allocations for heap
buffers that are used in base64 decoding routines. An attacker can
exploit this flaw by sending crafted messages to an application that
is using libotr to perform denial of service attacks or potentially
execute arbitrary code (CVE-2012-3461).

The updated packages have been patched to correct this issue.

Affected Software/OS:
libotr on Mandriva Linux 2011.0

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3461
54907
http://www.securityfocus.com/bid/54907
DSA-2526
http://www.debian.org/security/2012/dsa-2526
MDVSA-2012:131
http://www.mandriva.com/security/advisories?name=MDVSA-2012:131
MDVSA-2013:097
http://www.mandriva.com/security/advisories?name=MDVSA-2013:097
SUSE-SU-2012:1578
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00019.html
USN-1541-1
http://www.ubuntu.com/usn/USN-1541-1
[OTR-dev] 20120727 Re: otrl_base64_otr_decode() function...
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001348.html
[OTR-dev] 20120727 otrl_base64_otr_decode() function...
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121
http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr%3Ba=commitdiff%3Bh=1902baee5d4b056850274ed0fa8c2409f1187435
http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr%3Ba=commitdiff%3Bh=6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1
http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr%3Ba=commitdiff%3Bh=b17232f86f8e60d0d22caf9a2400494d3c77da58
https://bugzilla.redhat.com/show_bug.cgi?id=846377
libotr-base64-bo(77528)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77528
openSUSE-SU-2012:1525
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00016.html
openSUSE-SU-2013:0155
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00019.html

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831719
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for libotr MDVSA-2012:131 (libotr)
Resumen:	The remote host is missing an update for the 'libotr'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'libotr' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability was found and corrected in libotr: Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code (CVE-2012-3461). The updated packages have been patched to correct this issue. Affected Software/OS: libotr on Mandriva Linux 2011.0 Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3461 54907 http://www.securityfocus.com/bid/54907 DSA-2526 http://www.debian.org/security/2012/dsa-2526 MDVSA-2012:131 http://www.mandriva.com/security/advisories?name=MDVSA-2012:131 MDVSA-2013:097 http://www.mandriva.com/security/advisories?name=MDVSA-2013:097 SUSE-SU-2012:1578 http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00019.html USN-1541-1 http://www.ubuntu.com/usn/USN-1541-1 [OTR-dev] 20120727 Re: otrl_base64_otr_decode() function... http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001348.html [OTR-dev] 20120727 otrl_base64_otr_decode() function... http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121 http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr%3Ba=commitdiff%3Bh=1902baee5d4b056850274ed0fa8c2409f1187435 http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr%3Ba=commitdiff%3Bh=6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1 http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr%3Ba=commitdiff%3Bh=b17232f86f8e60d0d22caf9a2400494d3c77da58 https://bugzilla.redhat.com/show_bug.cgi?id=846377 libotr-base64-bo(77528) https://exchange.xforce.ibmcloud.com/vulnerabilities/77528 openSUSE-SU-2012:1525 http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00016.html openSUSE-SU-2013:0155 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00019.html
Copyright	Copyright (C) 2012 Greenbone AG