Versions 4.1.0 and earlier of libotr in 64-bit builds contain an integer overflow security flaw. This flaw could potentially be exploited by a remote attacker to cause a heap buffer overflow and subsequently for arbitrary code to be executed on the user's machine.

CVE-2016-2851 has been assigned to this issue.

Please upgrade to libotr version 4.1.1 immediately.

Users of libotr packages in Linux and *BSD distributions should see updated packages shortly.

This security release includes the following updates: