| |||||||||||||||||||
Mageia alert MGASA-2013-0096 (telepathy-gabble)
MGASA-2013-0096 Date: March 16rd, 2013 Affected releases: 2 Media: Core Description: Updated telepathy-gabble packages fix security vulnerability: NULL pointer dereference in telepathy-gabble before 0.16.5 which causes a crash when processing weirdly-shaped data forms in caps query replies. This bug can be triggered by any XMPP user who knows the bare JID of a user of a vulnerable client, without needing to be authorized to see that user's presence (CVE-2013-1769). The telepathy-gabble package has been updated to version to 0.16.5 to fix this issue as well as several other bugs. Updated Packages: i586: telepathy-gabble-0.16.5-1.mga2.i586.rpm telepathy-gabble-debug-0.16.5-1.mga2.i586.rpm x86_64: telepathy-gabble-0.16.5-1.mga2.x86_64.rpm telepathy-gabble-debug-0.16.5-1.mga2.x86_64.rpm SRPMS: telepathy-gabble-0.16.5-1.mga2.src.rpm References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1769 http://lists.freedesktop.org/archives/telepathy/2013-Marc... https://bugs.freedesktop.org/show_bug.cgi?id=61433 http://lists.freedesktop.org/archives/telepathy/2013-Marc... http://lists.freedesktop.org/archives/telepathy/2012-Nove... http://lists.freedesktop.org/archives/telepathy/2012-Sept... http://lists.freedesktop.org/archives/telepathy/2012-Augu... http://lists.freedesktop.org/archives/telepathy/2012-June... https://bugs.mageia.org/show_bug.cgi?id=9316 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-... (Log in to post comments)
|
|||||||||||||||||||