5315 matches found
[SECURITY] Fedora 24 Update: libotr-4.1.1-1.fc24
Off-the-Record Messaging Library and Toolkit. This is a library and toolkit which implements Off-the-Record (OTR) Messaging. OTR allows you to have private conversations over IM by providing Encryption, Authentication, Deniability and Perfect forward secrecy...
[SECURITY] Fedora 23 Update: libotr-4.1.1-1.fc23
Off-the-Record Messaging Library and Toolkit. This is a library and toolkit which implements Off-the-Record (OTR) Messaging. OTR allows you to have private conversations over IM by providing Encryption, Authentication, Deniability and Perfect forward secrecy...
[SECURITY] Fedora 22 Update: libotr-4.1.1-1.fc22
Off-the-Record Messaging Library and Toolkit. This is a library and toolkit which implements Off-the-Record (OTR) Messaging. OTR allows you to have private conversations over IM by providing Encryption, Authentication, Deniability and Perfect forward secrecy...
Libotr Integer Overflow Vulnerability
libotr is an Off-the-Record (OTR) encrypted instant messaging library from Canadian software developer Ian Goldberg and the OTR development team that initiates private conversations on instant messaging and provides encryption, authentication, and other features. An integer overflow...
USN-2926-1: OTR vulnerability
Markus Vervier discovered that OTR incorrectly handled large incoming messages. A remote attacker could use this issue to cause OTR to crash, resulting in a denial of service, or possibly execute arbitrary code...
libotr Off-the-Record Secure Messaging Security Patch
Users of secure messaging apps such as Pidgin, Adium and others built upon libotr, the Off-the-Record protocol, are being urged to update immediately to current versions after the discovery of a critical flaw that can be used in targeted attacks to expose encrypted communication. The OTR...
Debian DSA-3512-1 : libotr - security update
Markus Vervier of X41 D-Sec GmbH discovered an integer overflow vulnerability in libotr, an off-the-record (OTR) messaging library, in the way the sizes of portions of incoming messages were stored. A remote attacker can exploit this flaw by sending crafted messages to an application that is...
CVE-2016-2531
Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different...
DEBIAN-CVE-2016-2531
Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different...
UBUNTU-CVE-2016-2531
Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different...
CVE-2016-2531
CVE-2016-2531 affects the Wireshark RSL dissector and is caused by an off-by-one error in epan/dissectors/packet-rsl.c. A crafted packet triggering a 0xff tag value can cause an out-of-bounds read and application crash, leading to DoS. Affected versions are Wireshark 1.12.x before 1.12.10 and 2.0...
Windows 10 Started Showing Ads on LockScreen — Here's How to Turn It OFF
If you've upgraded your older version of Windows OS to an all new Windows 10 operating system then you may have noticed an advertisement appearing on your desktop or laptop’s lock screen over the past couple of days. Yes, this is what Microsoft has chosen to generate revenue after offering Free...
FreeBSD : jasper -- multiple vulnerabilities (006e3b7c-d7d7-11e5-b85f-0018fe623f2b)
oCERT reports: The library is affected by a double-free vulnerability in function jas_iccattrval_destroy as well as a heap-based buffer overflow in function jp2_decode. A specially crafted jp2 file can be used to trigger the vulnerabilities. oCERT reports: The library is affected by an off-by-one...
PT-2018-12655
Name of the Vulnerable Software and Affected Versions: libmspack versions prior to 0.7alpha. Description: An issue was discovered in the chmd.c file of libmspack, where an off-by-one error in the CHM PMGI/PMGL chunk number validity checks could lead to denial of service. This occurs due to an...
PT-2018-12658
Name of the Vulnerable Software and Affected Versions: libmspack versions prior to 0.7alpha. Description: An issue was discovered in the CHM decompression functionality of libmspack, specifically in the mspack/chmd.c file. The problem lies in an off-by-one error within the TOLOWER macro...
Network Time Protocol Authenticated Preemptable Modes Denial-of-Service Vulnerability
CERT VU357792 Summary Expected Behavior: The protocol should prevent against off-path Denial of Service attacks in authenticated broadcast and other modes which create preemptable associations, such as: multicast client, manycast client, pool client modes, and associations configured with the...
Network Time Protocol ntpq and ntpdc Origin Timestamp Disclosure Vulnerability
CERT VU357792 Summary To prevent off-path attackers from impersonating legitimate peers, clients require that the origin timestamp in a received response packet match the transmit timestamp from its last request to a given peer. Under assumption that only the recipient of the request packet will...
UBUNTU-CVE-2015-8872
The setfat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."...