Multiple vulnerabilities in Bitlbee may allow to bypass security restrictions and hijack accounts.
|Package||net-im/bitlbee on all architectures|
|Affected versions||< 1.2.3|
|Unaffected versions||>= 1.2.3|
BitlBee is an IRC to IM gateway that support multiple IM protocols.
Multiple unspecified vulnerabilities were reported, including a NULL pointer dereference.
A remote attacker could exploit these vulnerabilities to overwrite existing IM accounts.
There is no known workaround at this time.
All BitlBee users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-im/bitlbee-1.2.3"
September 23, 2008
September 23, 2008: 01