[arch-security] [ASA-201703-18] libpurple: arbitrary code execution
Levente Polyak
anthraxx at archlinux.org
Thu Mar 23 19:01:08 UTC 2017
Arch Linux Security Advisory ASA-201703-18
==========================================
Severity: High
Date : 2017-03-21
CVE-ID : CVE-2017-2640
Package : libpurple
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-226
Summary
=======
The package libpurple before version 2.12.0-1 is vulnerable to
arbitrary code execution.
Resolution
==========
Upgrade to 2.12.0-1.
# pacman -Syu "libpurple>=2.12.0-1"
The problem has been fixed upstream in version 2.12.0.
Workaround
==========
None.
Description
===========
An out-of-bounds write has been found in libpurple < 2.12.0 in the
purple_markup_unescape_entity function. This issue can be triggered by
a malicious server sending invalid XML entities separated by
whitespace, eg "ஸ" to the client.
Impact
======
A remote attacker is able to execute arbitrary code on the affected
host if it connects to a malicious server.
References
==========
http://seclists.org/fulldisclosure/2017/Mar/57
https://www.pidgin.im/news/security/?id=109
https://bitbucket.org/pidgin/main/commits/b2fc9e774cb9
https://security.archlinux.org/CVE-2017-2640
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20170323/40dbf60c/attachment.asc>
More information about the arch-security
mailing list