Date: Wed, 9 Mar 2016 20:21:45 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Heap use after free in Pidgin-OTR plugin

https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html

The pidgin-otr plugin version 4.0.2 fixes a heap use after free error.
The bug is triggered when a user tries to authenticate a buddy and
happens in the function create_smp_dialog.

The bug was discovered with Address Sanitizer. This is yet another
example why all C/C++ code should be tested with Address Sanitizer
enabled.

This bug was already independently discovered and reported in the otr
bug tracker.
https://bugs.otr.im/issues/88

Independent of this bug, another more severe bug in Libotr itself was
also disclosed today; please make sure you update both libotr (4.1.1)
and the pidgin-otr plugin (4.0.2).
https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/

Upstream bug report (contains Address Sanitizer stack trace):
https://bugs.otr.im/issues/128

Commit / fix:
https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42