Bug 17933 - pidgin-otr new heap use-after-free security issue (CVE-2015-8833)
Summary: pidgin-otr new heap use-after-free security issue (CVE-2015-8833)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/680031/
Whiteboard: MGA5-32-OK advisory
Keywords: validated_update
Depends on: 17927
Blocks:
Reported: 2016-03-09 23:49 CET by David Walser
Modified: 2016-03-25 07:39 CET

See Also:
Source RPM: pidgin-otr-4.0.0-5.mga5.src.rpm
CVE:
Status comment:



Description David Walser 2016-03-09 23:49:26 CET
A security issue in pidgin-otr was reported today (March 9):
http://openwall.com/lists/oss-security/2016/03/09/8

The issue is fixed in version 4.0.2.

Updated packages uploaded for Mageia 5 and Cauldron.

This should be tested with the libotr update in Bug 17927.

Advisory:
========================

Updated pidgin-otr package fixes security vulnerability:

The pidgin-otr plugin before 4.0.2 is vulnerable to a heap use after free
error. The bug is triggered when a user tries to authenticate a buddy and
happens in the function create_smp_dialog.

References:
https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html
http://openwall.com/lists/oss-security/2016/03/09/8
========================

Updated packages in core/updates_testing:
========================
pidgin-otr-4.0.2-1.mga5

from pidgin-otr-4.0.2-1.mga5.src.rpm
David Walser 2016-03-09 23:49:58 CET

Depends on: (none) => 17927

Comment 1 David Walser 2016-03-10 15:55:48 CET
CVE-2015-8833 has been assigned:
http://openwall.com/lists/oss-security/2016/03/09/13

Advisory:
========================

Updated pidgin-otr package fixes security vulnerability:

The pidgin-otr plugin before 4.0.2 is vulnerable to a heap use after free
error. The bug is triggered when a user tries to authenticate a buddy and
happens in the function create_smp_dialog (CVE-2015-8833).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8833
https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html
http://openwall.com/lists/oss-security/2016/03/09/13

Summary: pidgin-otr new heap use-after-free security issue => pidgin-otr new heap use-after-free security issue (CVE-2015-8833)

David Walser 2016-03-14 19:36:39 CET

URL: (none) => http://lwn.net/Vulnerabilities/680031/

Comment 2 Herman Viaene 2016-03-24 10:37:03 CET
MGA5-32 on Acer D620 Xfce
No installation issues BUT
when running this configuration the first time at CLI I got:
$ pidgin 
Couldn't create plugins dir
Expected libotr API version 4.1.1 incompatible with actual version 4.0.0.  Aborting.
I had to install the libotr-4.1.1, it is present in our repos, so missed dependency???
After that I could do a conversation between this installation and a "normal" pidgin installation (where I made sure the standard pidgin-otr plugin was included) on a x86-64 MGA5

CC: (none) => herman.viaene

Herman Viaene 2016-03-24 21:49:35 CET

Whiteboard: (none) => MGA5-32-OK

Comment 3 claire robinson 2016-03-24 22:37:51 CET
Validating. Advisory todo.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Dave Hodgins 2016-03-25 06:15:46 CET

CC: (none) => davidwhodgins
Whiteboard: MGA5-32-OK => MGA5-32-OK advisory

Comment 4 Mageia Robot 2016-03-25 07:39:58 CET
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0125.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

