[arch-security] [ASA-201603-6] libotr: arbitrary code execution
Arch Linux Security Advisory ASA-201603-6
=========================================

Severity: High
Date    : 2016-03-09
CVE-ID  : CVE-2016-2851
Package : libotr
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package libotr before version 4.1.1-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 4.1.1-1.

# pacman -Syu "libotr>=4.1.1-1"

The problem has been fixed upstream in version 4.1.1.

Workaround
==========

None.

Description
===========

- CVE-2016-2851 (arbitrary code execution)

Versions 4.1.0 and earlier of libotr in 64-bit builds contain an integer
overflow security flaw. A remote attacker could potentially exploit this
flaw to cause a heap buffer overflow and subsequently execute arbitrary
code on the user's machine.

Impact
======

A remote attacker is able to craft a payload that leads to arbitrary
code execution.

References
==========

https://access.redhat.com/security/cve/CVE-2016-2851
https://otr.cypherpunks.ca/
participants (1)
-
Christian Rebischke
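The Description names an integer overflow in 64-bit builds that ends in a heap buffer overflow. The C example below is added here to illustrate that class of bug and its fix; it is not libotr code and not part of the advisory, and every function name and length in it is hypothetical or constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names; a generic illustration, not libotr source. */

/* Flawed: the sum is stored in 32 bits. On a 64-bit build the size_t
 * inputs can exceed UINT32_MAX, so the stored length wraps around. */
uint32_t total_len_unchecked(size_t hdr_len, size_t payload_len)
{
    return (uint32_t)(hdr_len + payload_len);
}

/* Hardened: stay in size_t, reject wraparound and oversize input. */
int total_len_checked(size_t hdr_len, size_t payload_len,
                      size_t max_len, size_t *out)
{
    if (payload_len > SIZE_MAX - hdr_len) return -1; /* would wrap */
    if (hdr_len + payload_len > max_len) return -1;  /* over the limit */
    *out = hdr_len + payload_len;
    return 0;
}

/* Allocates and fills header||payload only if the length check passes. */
unsigned char *build_message(const unsigned char *hdr, size_t hdr_len,
                             const unsigned char *payload, size_t payload_len,
                             size_t max_len, size_t *out_len)
{
    size_t total;
    unsigned char *buf;
    if (total_len_checked(hdr_len, payload_len, max_len, &total) != 0)
        return NULL;
    buf = malloc(total ? total : 1);
    if (buf == NULL) return NULL;
    memcpy(buf, hdr, hdr_len);
    memcpy(buf + hdr_len, payload, payload_len);
    *out_len = total;
    return buf;
}

int main(void)
{
    size_t big = (size_t)UINT32_MAX - 7; /* constructed oversize length */
    size_t total = 0;
    printf("unchecked length: %u\n", (unsigned)total_len_unchecked(16, big));
    printf("checked result:   %d\n", total_len_checked(16, big, 1u << 20, &total));
    return 0;
}
```

A buffer sized from the unchecked result would be 8 bytes while the data to copy is over 4 GiB, which is the heap overflow condition; the checked path returns an error before any allocation.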