Mandriva Linux Security Advisory : libotr (MDVSA-2013:097)
Medium Nessus Plugin ID 66109
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability was found and corrected in libotr :
Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code (CVE-2012-3461).
The updated packages have been patched to correct this issue.
SolutionUpdate the affected lib64otr-devel, lib64otr2 and / or libotr-utils packages.