Secunia: A vulnerability has been reported in SILC (Secure Internet Live Conferencing) Toolkit, which potentially can be exploited by malicious people to compromise an application using the toolkit. The vulnerability is caused due to a boundary error within the function "silc_fingerprint()" in lib/silcutil/silcutil.c, which can be exploited to cause a stack-based buffer overflow if overly long data is passed to the function. The vulnerability is reported in versions prior to 1.1.6.
I'm not sure how an attacker can generate input to that function, maybe you guys from net-irc can help here. Also, is 1.1.6 good to go stable?
net-irc, please advise.
Its safe to go to stable, but i have no idea about that thing :)
Arches, please test and mark stable: =net-im/silc-toolkit-1.1.6 Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 release sparc x86"
ppc64 stable
alpha/ia64/sparc/x86 stable
Stable for HPPA.
amd64 stable
ppc stable
Fixed in release snapshot.
request filed
no mips stable.
GLSA 200804-27.