Advisories » MGASA-2016-0433

Updated mcabber packages fix security vulnerability

Publication date: 30 Dec 2016
Modification date: 30 Dec 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9928

Description

It was discovered that there was a "roster push attack" vulnerability in
mcabber, a console-based Jabber (XMPP) client. A remote attacker can
modify the roster and intercept messages via a crafted roster-push IQ
stanza (CVE-2016-9928).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19858
• https://lwn.net/Alerts/707472/
• http://openwall.com/lists/oss-security/2016/12/11/2
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9928

SRPMS

5/core

• mcabber-0.10.1-9.1.mga5