Libotr patch closes security hole in messaging encryption tool

A software component for encrypting instant messaging clients has a flaw that could let attackers take over users’ machines, but there’s now a patch for the vulnerability.

The vulnerability is contained in libotr, short for OTR Messaging Library and Toolkit. The up-to-date version is now 4.1.1.

OTR stands for Off-the-Record Messaging. It’s a a cryptographic protocol that scrambles messages sent through clients including Pidgin, ChatSecure and Adium. The integer overflow flaw was found by Markus Vervier of the German company X41 D-Sec, which released an advisory.

Tags: 

Read more: Libotr patch closes security hole in messaging encryption tool

Story added 11. March 2016, content source with full text you can find at link above.