Debian Security Advisory
DSA-2852-1 libgadu -- heap-based buffer overflow
- Date Reported:
- 06 Feb 2014
- Affected Packages:
- libgadu
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-6487.
- More information:
-
Yves Younan and Ryan Pentney discovered that libgadu, a library for accessing the Gadu-Gadu instant messaging service, contained an integer overflow leading to a buffer overflow. Attackers which impersonate the server could crash clients and potentially execute arbitrary code.
For the oldstable distribution (squeeze), this problem has been fixed in version 1:1.9.0-2+squeeze2.
For the stable distribution (wheezy), this problem has been fixed in version 1:1.11.2-1+deb7u1.
For the unstable distribution (sid), this problem has been fixed in version 1:1.11.3-1.
We recommend that you upgrade your libgadu packages.