USN-2215-1: libgadu vulnerability
21 May 2014
libgadu could be made to crash or run programs if it received specially crafted network traffic.
Releases
Packages
- libgadu - Gadu-Gadu protocol library
Details
It was discovered that libgadu incorrectly handled certain messages from
file relay servers. A malicious remote server or a machine-in-the-middle could
use this issue to cause applications using libgadu to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10
Ubuntu 12.04
After a standard system update you need to restart your session to make all
the necessary changes.
References
Related notices
- USN-2216-1: libpurple-bin, finch-dev, libpurple-dev, pidgin, pidgin-data, pidgin-dev, libpurple0, finch