USN-2091-1: OTR vulnerabilities

Ubuntu Security Notice USN-2091-1


29th January, 2014


libotr vulnerabilities


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 12.04 LTS


Summary


Applications using the OTR secure chat protocol could be made to expose sensitive information over the network.


Software description



  • libotr - Off-the-Record Messaging library


Details


This update disables the OTR v1 protocol to prevent protocol downgrade attacks.


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 12.04 LTS:

libotr2 3.2.0-4ubuntu0.2


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


After a standard system update you need to restart OTR applications to make all the necessary changes.
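
One way to confirm both the update and the restart on a host, as an added example that is not part of the original notice: it compares the installed libotr2 against the fixed version given above and lists processes that still map the library file replaced by the upgrade. The function names and the `libotr.so` filename pattern are assumptions.

```shell
#!/bin/sh
# Added example, not from the notice. Package name and fixed version come from
# the notice; function names and the libotr.so filename pattern are assumptions.
FIXED_VERSION="3.2.0-4ubuntu0.2"

# 0 = installed libotr2 is >= the fixed version, 1 = older, anything else =
# not installed (or dpkg is unavailable on this host).
libotr_is_fixed() {
    installed=$(dpkg-query -W -f='${Version}' libotr2 2>/dev/null) || return 2
    [ -n "$installed" ] || return 2
    dpkg --compare-versions "$installed" ge "$FIXED_VERSION"
}

# True when a /proc/<pid>/maps-format file lists a libotr mapping whose backing
# file was unlinked, i.e. the process loaded the library before the upgrade.
has_stale_libotr() {
    grep -Eq '/libotr\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# Print the PID of every process under the given proc root (default /proc)
# that still runs the pre-update library and therefore needs a restart.
stale_otr_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if has_stale_libotr "$maps"; then
            pid_dir=${maps%/maps}
            echo "${pid_dir##*/}"
        fi
    done
}

rc=0
libotr_is_fixed || rc=$?
case $rc in
    0) echo "libotr2 is at or above $FIXED_VERSION" ;;
    1) echo "libotr2 is older than $FIXED_VERSION: update required" ;;
    *) echo "libotr2 is not installed or dpkg is unavailable" ;;
esac

stale_otr_pids | while read -r pid; do
    echo "PID $pid still maps the old libotr: restart this application"
done
```

Run it as root to inspect processes owned by other users; without that, only your own processes are checked.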


References


LP: 1266016






via Ubuntu Security Notices http://bit.ly/1baoQnm