USN-2091-1: OTR vulnerabilities

29 January 2014

libotr vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS

Summary

Applications using the OTR secure chat protocol could be made to expose sensitive information over the network.

Software Description

  • libotr - Off-the-Record Messaging library

Details

This update disables the OTR v1 protocol to prevent protocol downgrade attacks.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS
libotr2 - 3.2.0-4ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart OTR applications to make all the necessary changes.

References