ASA-201703-18 log generated external raw

[ASA-201703-18] libpurple: arbitrary code execution
Arch Linux Security Advisory ASA-201703-18 ========================================== Severity: High Date : 2017-03-21 CVE-ID : CVE-2017-2640 Package : libpurple Type : arbitrary code execution Remote : Yes Link : Summary ======= The package libpurple before version 2.12.0-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 2.12.0-1. # pacman -Syu "libpurple>=2.12.0-1" The problem has been fixed upstream in version 2.12.0. Workaround ========== None. Description =========== An out-of-bounds write has been found in libpurple < 2.12.0 in the purple_markup_unescape_entity function. This issue can be triggered by a malicious server sending invalid XML entities separated by whitespace, eg "ஸ" to the client. Impact ====== A remote attacker is able to execute arbitrary code on the affected host if it connects to a malicious server. References ==========