It has been discovered that in barnowl, a curses-based instant-messaging client, the return codes of calls to the ZPending and ZReceiveNotice functions in libzephyr were not checked, allowing attackers to cause a denial of service (crash of the application), and possibly execute arbitrary code. For the stable distribution (lenny), this problem has been fixed in version 1.0.1-4+lenny2. For the testing distribution (squeeze), this problem has been fixed in version 1.6.2-1. For the unstable distribution (sid), this problem has been fixed in version 1.6.2-1. We recommend that you upgrade your barnowl packages.
It has been discovered that in barnowl, a curses-based instant-messaging client, the return codes of calls to the ZPending and ZReceiveNotice functions in libzephyr were not checked, allowing attackers to cause a denial of service (crash of the application), and possibly execute arbitrary code.
For the stable distribution (lenny), this problem has been fixed in version 1.0.1-4+lenny2.
For the testing distribution (squeeze), this problem has been fixed in version 1.6.2-1.
For the unstable distribution (sid), this problem has been fixed in version 1.6.2-1.
We recommend that you upgrade your barnowl packages.
MD5 checksums of the listed files are available in the original advisory.