Date: Wed, 9 Mar 2016 20:21:45 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Heap use after free in Pidgin-OTR plugin

https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html

The pidgin-otr plugin version 4.0.2 fixes a heap use after free error.
The bug is triggered when a user tries to authenticate a buddy and
happens in the function create_smp_dialog.

The bug was discovered with Address Sanitizer. This is yet another
example why all C/C++ code should be tested with Address Sanitizer
enabled.

This bug was already independently discovered and reported in the otr
bug tracker.
https://bugs.otr.im/issues/88

Independent of this bug, another more severe bug in Libotr itself was
also disclosed today. Please make sure you update both libotr (4.1.1)
and the pidgin-otr plugin (4.0.2).
https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/

Upstream bug report (contains Address Sanitizer stack trace):
https://bugs.otr.im/issues/128
Commit / fix:
https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42
