Security update for pidgin-otr SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0878-1 Final 1 1 2016-03-24T10:40:56Z current 2016-03-24T10:40:56Z 2016-03-24T10:40:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for pidgin-otr This update to pidgin-otr 4.0.2 fixes the following issue: - CVE-2015-8833: use-after-free issue during SMP (boo#970498) It also contains new and updated translations. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-03/msg00109.html E-Mail link for openSUSE-SU-2016:0878-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 pidgin-otr-4.0.2-7.1 pidgin-otr-4.0.2-7.1 as a component of openSUSE Leap 42.1 Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item. CVE-2015-8833 openSUSE Leap 42.1:pidgin-otr-4.0.2-7.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-03/msg00109.html https://www.suse.com/security/cve/CVE-2015-8833.html CVE-2015-8833 https://bugzilla.suse.com/970498 SUSE Bug 970498