blob: a467ae4ce572d56e3afbd1dac63012f4a3716613 [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?>
<glsa id="201508-02">
<title>libgadu: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in libgadu, the worst of
which may result in execution of arbitrary code.
<product type="ebuild">libgadu</product>
<announced>August 15, 2015</announced>
<revised>August 15, 2015: 1</revised>
<package name="net-libs/libgadu" auto="yes" arch="*">
<unaffected range="ge">1.12.0</unaffected>
<vulnerable range="lt">1.12.0</vulnerable>
<p>libgadu is a library that implements the client side of the Gadu-Gadu
<p>libgadu contains multiple vulnerabilities:</p>
<li>X.509 certificates are not properly validated (CVE-2013-4488)</li>
<li>A integer overflow error could lead to a buffer overflow
<li>Malformed responses from a Gadu-Gadu file relay server are not
properly handled (CVE-2014-3775)
<impact type="normal">
<p>A remote attacker may be able to execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or spoof
<p>There is no known workaround at this time.</p>
<p>All libgadu users should upgrade to the latest version:</p>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-libs/libgadu-1.12.0"
<uri link="">CVE-2013-4488</uri>
<uri link="">CVE-2013-6487</uri>
<uri link="">CVE-2014-3775</uri>
<metadata tag="requester" timestamp="Mon, 22 Sep 2014 04:01:34 +0000">
<metadata tag="submitter" timestamp="Sat, 15 Aug 2015 12:51:37 +0000">ackle</metadata>