Updated mcabber packages fix security vulnerability
Publication date: 30 Dec 2016Modification date: 30 Dec 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9928
Description
It was discovered that there was a "roster push attack" vulnerability in mcabber, a console-based Jabber (XMPP) client. A remote attacker can modify the roster and intercept messages via a crafted roster-push IQ stanza (CVE-2016-9928).
References
SRPMS
5/core
- mcabber-0.10.1-9.1.mga5