Fedora alert FEDORA-2011-15833 (libsocialweb)

Subject:  [SECURITY] Fedora 16 Update: libsocialweb-0.25.20-1.fc16
Date:  Fri, 25 Nov 2011 02:26:58 +0000
Message-ID:  <>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15833
2011-11-13 04:38:34
--------------------------------------------------------------------------------

Name        : libsocialweb
Product     : Fedora 16
Version     : 0.25.20
Release     : 1.fc16
URL         :
Summary     : A social network data aggregator
Description :
libsocialweb is a social data server which fetches data from the "social web",
such as your friend's blog posts and photos, upcoming events, recently played
tracks, and pending eBay* auctions. It also provides a service to update your
status on web services which support it, such as MySpace* and Twitter*.

--------------------------------------------------------------------------------
Update Information:

CVE-2011-4129

A security flaw was found in the way libsocialweb, a social network data
aggregator, performed its initialization when the service start was initiated
by the dbus daemon. Due to a deficiency in the way the libsocialweb service was
initialized, an untrusted (non-SSL) network connection was opened to remote
Twitter service servers without the explicit approval of the user running the
libsocialweb service on the local host. A remote attacker could use this flaw
to conduct various MITM attacks and potentially alter the integrity of the user
account in question.

* libsocialweb: The views will try and fetch content from the web service even
  if they aren't configured.
* rest: enforce that the SSL certificate is valid

--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 12 2011 Peter Robinson <> 0.25.20-1
- update to 0.25.20. Fixes CVE-2011-4129, RHBZ 752022

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #752022 - CVE-2011-4129 libsocialweb: Untrusted connection to
        Twitter without user's approval upon service start via dbus

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update libsocialweb' at the command line.
For more information, refer to "Managing Software with yum", available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
