Users of New barnowl packages please be advised of a unchecked return value vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
DSA-2102-1: [DSA-2102-1] New barnowl packages fix arbitrary code execution
Vulnerability : unchecked return value
It has been discovered that in barnowl, a curses-based instant-messaging
client, the return codes of calls to the ZPending and ZReceiveNotice
functions in libzephyr were not checked, allowing attackers to cause a
denial of service (crash of the application), and possibly execute
arbitrary code.
Read more at www.criticalwatch.com
See this Amp at http://amplify.com/u/a0q6

No comments:
Post a Comment