1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200809-14 / bitlbee |
| Release Date | September 23, 2008 |
| Latest Revision | September 23, 2008: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-im/bitlbee | < 1.2.3 | >= 1.2.3 | All supported architectures |
Related bugreports: #236160
Multiple vulnerabilities in Bitlbee may allow to bypass security restrictions and hijack accounts.
BitlBee is an IRC to IM gateway that support multiple IM protocols.
Multiple unspecified vulnerabilities were reported, including a NULL pointer dereference.
A remote attacker could exploit these vulnerabilities to overwrite existing IM accounts.
There is no known workaround at this time.
All BitlBee users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=net-im/bitlbee-1.2.3" |