| |||||||||||||||||||
Ubuntu alert USN-1873-1 (telepathy-gabble)
========================================================================== Ubuntu Security Notice USN-1873-1 June 12, 2013 telepathy-gabble vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS Summary: Several security issues were fixed in telepathy-gabble. Software Description: - telepathy-gabble: Jabber/XMPP connection manager Details: Maksim Otstavnov discovered that telepathy-gabble incorrectly handled TLS when connecting to legacy jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2013-1431) It was discovered that telepathy-gabble incorrectly handled certain messages. A remote attacker could use this flaw to cause applications using telepathy-gabble to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-1769) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.04: telepathy-gabble 0.16.5-0ubuntu1.1 Ubuntu 12.10: telepathy-gabble 0.16.1-2ubuntu0.1 Ubuntu 12.04 LTS: telepathy-gabble 0.16.0-0ubuntu3.1 After a standard system update you need to restart your session to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1873-1 CVE-2013-1431, CVE-2013-1769 Package Information: https://launchpad.net/ubuntu/+source/telepathy-gabble/0.1... https://launchpad.net/ubuntu/+source/telepathy-gabble/0.1... https://launchpad.net/ubuntu/+source/telepathy-gabble/0.1... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security... (Log in to post comments)
|
|||||||||||||||||||