Multiple heap-based buffer overflows

Bug #1034623 reported by Felix Geyer
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| libotr (Debian) | Fix Released | Unknown | | |
| libotr (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Lucid | Fix Released | Undecided | Steve Beattie | |
| Natty | Fix Released | Undecided | Steve Beattie | |
| Oneiric | Fix Released | Undecided | Steve Beattie | |
| Precise | Fix Released | Undecided | Steve Beattie | |
| Quantal | Fix Released | Undecided | Unassigned | |

Bug Description

> Multiple heap-based buffer overflow flaws were found in the way the
> Base64 decoder of libotr, an Off-The-Record Messaging library and
> toolkit, performed decoding of certain messages. A remote attacker
> could provide a specially-crafted OTR message that once processed
> in an application linked against libotr would lead to that
> application crash or, potentially, arbitrary code execution with
> the privileges of the user running the application.

http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html

Felix Geyer (debfx)
security vulnerability: no → yes
description: updated
Felix Geyer (debfx) wrote :

This bug was fixed in the package libotr - 3.2.1-1

---------------
libotr (3.2.1-1) unstable; urgency=high

  * Fix potential buffer overflow in base64 routines (Closes: #684121)

 -- Thibaut VARENE <email address hidden> Tue, 07 Aug 2012 12:24:15 +0200

Changed in libotr (Ubuntu):
status: New → Fix Released
Felix Geyer (debfx) wrote :
Felix Geyer (debfx) wrote :
Steve Beattie (sbeattie) wrote :

Debdiffs look good, will take it from here. Thanks!

Changed in libotr (Ubuntu Lucid):
assignee: nobody → Steve Beattie (sbeattie)
Changed in libotr (Ubuntu Natty):
assignee: nobody → Steve Beattie (sbeattie)
Changed in libotr (Ubuntu Oneiric):
assignee: nobody → Steve Beattie (sbeattie)
Changed in libotr (Ubuntu Precise):
assignee: nobody → Steve Beattie (sbeattie)
Changed in libotr (Ubuntu Lucid):
status: New → In Progress
Changed in libotr (Ubuntu Natty):
status: New → In Progress
Changed in libotr (Ubuntu Oneiric):
status: New → In Progress
Changed in libotr (Ubuntu Precise):
status: New → In Progress
Changed in libotr (Debian):
status: Unknown → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libotr - 3.2.0-4ubuntu0.1

---------------
libotr (3.2.0-4ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: multiple heap-based buffer overflows (LP: #1034623)
    - 0001-Use-ceil-instead-of-floor-to-compute-the-size-of-the.patch,
      0002-More-thorough-base64-fix.patch,
      0003-One-more-otrl_base64_decode-in-the-toolkit.patch:
      patches from upstream
    - CVE-2012-3461
 -- Felix Geyer <email address hidden> Thu, 09 Aug 2012 15:12:38 +0200

Changed in libotr (Ubuntu Precise):
status: In Progress → Fix Released
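
The first patch listed in the changelog above is named "Use ceil instead of floor to compute the size of the ...". The following added example (not libotr's code and not part of the original report) shows the general sizing issue that title names: rounding the Base64 group count down under-sizes the output buffer when the input length is not a multiple of four. All function names and the sample string are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Output capacity with the 4-character group count rounded down vs. up. */
size_t cap_floor(size_t b64len) { return (b64len / 4) * 3; }
size_t cap_ceil(size_t b64len)  { return ((b64len + 3) / 4) * 3; }

static int b64val(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Bounded decoder: returns bytes written, or (size_t)-1 if cap is too small.
   It checks the capacity before every store, so it never writes past out[cap-1]. */
size_t b64_decode_bounded(unsigned char *out, size_t cap, const char *in, size_t inlen) {
    unsigned acc = 0; int bits = 0; size_t n = 0;
    for (size_t i = 0; i < inlen; i++) {
        if (in[i] == '=') break;              /* padding ends the data */
        int v = b64val(in[i]);
        if (v < 0) continue;                  /* skip non-alphabet characters */
        acc = (acc << 6) | (unsigned)v; bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= cap) return (size_t)-1;  /* refuse instead of overflowing */
            out[n++] = (unsigned char)(acc >> bits);
            acc &= (1u << bits) - 1;
        }
    }
    return n;
}

/* Allocate with the chosen sizing rule, decode, and report the outcome. */
size_t decode_sized(const char *in, int round_up) {
    size_t len = strlen(in);
    size_t cap = round_up ? cap_ceil(len) : cap_floor(len);
    unsigned char *buf = malloc(cap ? cap : 1);
    if (!buf) return (size_t)-1;
    size_t n = b64_decode_bounded(buf, cap, in, len);
    free(buf);
    return n;
}

int main(void) {
    const char *msg = "QUJDRA=";  /* constructed: 7 chars, decodes to "ABCD" */
    printf("floor sizing: %s\n", decode_sized(msg, 0) == (size_t)-1 ? "too small" : "ok");
    printf("ceil sizing:  %zu bytes\n", decode_sized(msg, 1));
    return 0;
}
```

A decoder without the `n >= cap` check would write the fourth byte past a three-byte allocation for this input, which is the heap overflow class the report describes.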
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libotr - 3.2.0-2ubuntu0.1

---------------
libotr (3.2.0-2ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: multiple heap-based buffer overflows (LP: #1034623)
    - src/b64.c, src/b64.h, src/proto.c, toolkit/parse.c:
      apply upstream git commits b17232f86f8e60d0d22caf9a2400494d3c77da58,
      6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1 and
      1902baee5d4b056850274ed0fa8c2409f1187435
    - CVE-2012-3461
 -- Felix Geyer <email address hidden> Thu, 09 Aug 2012 15:30:03 +0200

Changed in libotr (Ubuntu Lucid):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libotr - 3.2.0-2ubuntu1.1

---------------
libotr (3.2.0-2ubuntu1.1) natty-security; urgency=low

  * SECURITY UPDATE: multiple heap-based buffer overflows (LP: #1034623)
    - src/b64.c, src/b64.h, src/proto.c, toolkit/parse.c:
      apply upstream git commits b17232f86f8e60d0d22caf9a2400494d3c77da58,
      6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1 and
      1902baee5d4b056850274ed0fa8c2409f1187435
    - CVE-2012-3461
 -- Felix Geyer <email address hidden> Thu, 09 Aug 2012 15:30:03 +0200

Changed in libotr (Ubuntu Natty):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libotr - 3.2.0-2.1ubuntu0.1

---------------
libotr (3.2.0-2.1ubuntu0.1) oneiric-security; urgency=low

  * SECURITY UPDATE: multiple heap-based buffer overflows (LP: #1034623)
    - src/b64.c, src/b64.h, src/proto.c, toolkit/parse.c:
      apply upstream git commits b17232f86f8e60d0d22caf9a2400494d3c77da58,
      6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1 and
      1902baee5d4b056850274ed0fa8c2409f1187435
    - CVE-2012-3461
 -- Felix Geyer <email address hidden> Thu, 09 Aug 2012 15:30:03 +0200

Changed in libotr (Ubuntu Oneiric):
status: In Progress → Fix Released
Bryce Harrington (bryce)
description: updated
Bryce Harrington (bryce)
description: updated
This report contains Public Security information  
Everyone can see this security related information.