drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in OTR
Name: |
Ausführen beliebiger Kommandos in OTR |
|
ID: |
USN-2926-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS |
|
Datum: |
Fr, 11. März 2016, 07:41 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2851 |
|
Applikationen: |
libotr |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============6295606830884939705== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="AGXtcdxT9NKWUI2KlAEbMs7DDv4xinM1s"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --AGXtcdxT9NKWUI2KlAEbMs7DDv4xinM1s Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2926-1 March 10, 2016
libotr vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
OTR could be made to crash or run programs if it received specially crafted network traffic.
Software Description: - libotr: Off-the-Record Messaging library
Details:
Markus Vervier discovered that OTR incorrectly handled large incoming messages. A remote attacker could use this issue to cause OTR to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: libotr2 3.2.0-4ubuntu0.3
After a standard system update you need to restart OTR applications to make all the necessary changes
References: http://www.ubuntu.com/usn/usn-2926-1 CVE-2016-2851
Package Information: https://launchpad.net/ubuntu/+source/libotr/3.2.0-4ubuntu0.3
--AGXtcdxT9NKWUI2KlAEbMs7DDv4xinM1s Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJW4ZmUAAoJEGVp2FWnRL6TVYsQAJO0/hWREAevTv07RhU0scL+ TKZVRnO2RU9ylupdmqgy96iR6hIF2R91Z4Mm8fG188lzHtxKtr+N3Zzy/24KwXRD +OCSh0nCp4UWw5KQYKOSY04OikQaMesAdxsNx+eEEtBhYwcqIpgK+MZ1vorJ7Idu GyPcQcI8u2ZxPBCJf3UtxOVVmY0amgO1WbStI1BVHUP6vUBbGOn9M6r1kcFc8UdM iwuY5aBvYJn25+qwRpfbDEj7IYOFen7+kAisj653pjAmKH0QOb7nIUwLiwBwdOny io744LFTI9rqO3JZBBPK3zef+IkztQrHto7F0XaEKFo2WbpM2Ya7kkIuBpt+o8oD n8T7zju2WCkKWOpO9B/PlY4ArMPWRoNtAbbT/e0OLHpRY59GgCPxvmpoKQ0sTwO9 N99Z9CtVLXl+jBM6R1erxrbLvJlqv2tVuGxniD7NhjTnfraEqELPvxPm4eMlfbt9 C2JdD5SJKfdDpWtL8rXXf6ba9+gK3iqB9qrCe7BoSSG8ygErMG1OykX+k6gDm0Y9 A7Pmcak5SOqlM+c8nMMh7nzlBevYEtNmJkE54WZ6p7dpvAyW10IyOmD70Kb1vmIH ikInLSAbSQbMXxkx9yrY8BV22vKYE+cR9P6r6NxfaYZqgZpJYBgIbtoVTQdahPOf r3KppEjgzpjxeky51OnW =2kNx -----END PGP SIGNATURE-----
--AGXtcdxT9NKWUI2KlAEbMs7DDv4xinM1s--
--===============6295606830884939705== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6295606830884939705==--
|
|
|
|