Red Hat Bugzilla – Bug 822226
CVE-2012-2369 pidgin-otr: Format string security flaw in pidgin-otr
Last modified: 2012-07-19 10:02:42 EDT
Ian Goldberg firstname.lastname@example.org reports:

Off-the-Record Messaging (OTR) Security Advisory 2012-01
Format string security flaw in pidgin-otr

Versions 3.2.0 and earlier of the pidgin-otr plugin contain a format
string security flaw. This flaw could potentially be exploited by
a remote attacker to cause arbitrary code to be executed on the user's

The flaw is in pidgin-otr, not in libotr. Other applications which use
libotr are not affected.

CVE-2012-2369 has been assigned to this issue.

The recommended course of action is to upgrade pidgin-otr to version
3.2.1 immediately. The new version can be obtained here:
git://otr.git.sourceforge.net/gitroot/otr/pidgin-otr (branch 3.2_dev)

Version 4.0.0 (soon to be released) does not suffer from this flaw.

Linux and *BSD vendors and package maintainers have been notified, and
updated packages should be available from them.

These are all already in the updates repositories for EL6, F16 and F17.