Security Information / 2014 / Security Information -- DSA-2852-1 libgadu

Debian Security Advisory

DSA-2852-1 libgadu -- heap-based buffer overflow

Date Reported:

06 Feb 2014

Affected Packages:

libgadu

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2013-6487.

More information:

Yves Younan and Ryan Pentney discovered that libgadu, a library for accessing the Gadu-Gadu instant messaging service, contained an integer overflow leading to a buffer overflow. Attackers which impersonate the server could crash clients and potentially execute arbitrary code.

For the oldstable distribution (squeeze), this problem has been fixed in version 1:1.9.0-2+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in version 1:1.11.2-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 1:1.11.3-1.

We recommend that you upgrade your libgadu packages.