oss-sec mailing list archives

Re: CVE request - libgadu


From: Tomas Hoger <thoger () redhat com>
Date: Wed, 29 Oct 2008 10:22:36 +0100

On Tue, 28 Oct 2008 11:23:56 +0100 Tomas Hoger <thoger () redhat com>
wrote:

New upstream libgadu version 1.8.2 is marked as security update and
seems to fix a buffer over-read flaw:

http://toxygen.net/libgadu/releases/1.8.2.html
https://bugzilla.redhat.com/show_bug.cgi?id=468830
https://admin.fedoraproject.org/updates/libgadu-1.8.2-1.fc9

Just for future reference:

CVE-2008-4776:
libgadu before 1.8.2 allows remote servers to cause a denial of
service (crash) via a contact description with a large length, which
triggers a buffer over-read.

-- 
Tomas Hoger / Red Hat Security Response Team
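
The bug class named in the CVE text above (a server-supplied length that exceeds the bytes actually received), shown as an added example that is not part of the original message and is not libgadu code. The packet layout, function names and sample packets are assumptions constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASSUMED layout, for illustration only (not libgadu's wire format):
 *   bytes 0-3  contact id, little-endian
 *   bytes 4-7  description length, little-endian, chosen by the server
 *   bytes 8..  description bytes (not NUL-terminated) */
#define HDR_LEN 8u

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copies the description into out (NUL-terminated) and returns its length,
 * or -1 if the packet is truncated or the declared length is not backed by
 * received bytes. Without the second check, memcpy would read past the end
 * of pkt, which is the over-read that crashes the client. */
static int parse_descr(const uint8_t *pkt, size_t pkt_len,
                       char *out, size_t out_cap) {
    if (pkt_len < HDR_LEN || out_cap == 0)
        return -1;                 /* header itself is incomplete */
    uint32_t descr_len = rd_le32(pkt + 4);
    /* Compare against what remains: pkt_len - HDR_LEN cannot underflow
     * here, whereas HDR_LEN + descr_len could wrap around. */
    if (descr_len > pkt_len - HDR_LEN)
        return -1;                 /* would over-read the receive buffer */
    if (descr_len >= out_cap || descr_len > INT_MAX)
        return -1;                 /* would overflow the destination */
    memcpy(out, pkt + HDR_LEN, descr_len);
    out[descr_len] = '\0';
    return (int)descr_len;
}

/* Constructed sample packets: valid, oversized length, truncated header. */
static const uint8_t PKT_OK[]  = {1,0,0,0, 5,0,0,0, 'h','e','l','l','o'};
static const uint8_t PKT_BIG[] = {1,0,0,0, 0xff,0xff,0,0, 'h','i'};
static const uint8_t PKT_CUT[] = {1,0,0,0, 5,0};

static int demo(const uint8_t *pkt, size_t len) {
    char buf[64];
    return parse_descr(pkt, len, buf, sizeof buf);
}

int main(void) {
    printf("%d %d\n", demo(PKT_OK, sizeof PKT_OK), demo(PKT_BIG, sizeof PKT_BIG));
}
```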

