Mises à jour de sécurité

CVE-2023-5217 | Codec VP8 Buffer overflow

Publication date : 2023-10-30
State : public
Description : The desktop client is based on Electron based on Chromium. And Chromium versions prior to version 117.0.5938.132 with libvpx prior to 1.13.1 are vulnerable to out of bounds memory via shared crafted Video or potentially inline crafted Conferences.The Android app based on libvpx prior to 1.13.1 is vulnerable to out of bounds memory via shared crafted Video or potentially inline crafted Conferences.The Ios app based on libvpx prior to 1.13.1 is potentially vulnerable to out of bounds memory via inline crafted Conferences..

Affected versions:
Windows and Macosx Citadel desktop clients 7.8.1 and lower IOS app 7.8.1 and lower
Android 7.8.1 App and lower.

Remediation:
Update the Citadel destop to version 10/02/2023-7.8.2 or higher; if not automatically lauched - the update can be launched from the update menu.
Update the Citadel Android App tà 10/05/2023-7.8.2 version or higher.
Update the Citadel Ios App to 10/24/2023-7.9 version or higher.

Publication date: 2023-09-26
State: public
Description: The desktop client is based on Electron based on Chromium. And Chromium versions prior to version 116.0.5845.190 are vulnerable out of bounds memory via crafted WebP images.
Affected versions: Windows and Macosx Citadel desktop clients 7.8.0 and lower
Remediation: update the Citadel destop to version 09/14/2023-7.8.1 or higher; if not automatically launched - the update can be launched from the update menu.

Publication date: 2022-04-13T09:42:00.000Z
State: public
Description: We have discovered a vulnerability that can affect the Citadel client. The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions.
Affected versions: 7.1.1 and lower
Remediation: update to version 7.1.2 or higher
- web client: just reload the page
- desktop client: launch update from the menu