Advisories ยป MGASA-2013-0170

Updated telepathy-gabble package fixes security vulnerability

Publication date: 18 Jun 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-1431

Description

Maksim Otstavnov discovered that the Wocky submodule used by
telepathy-gabble does not respect the tls-required flag on legacy
Jabber servers. A network intermediary could use this vulnerability to
bypass TLS verification and perform a man-in-the-middle attack.
                

References

SRPMS

3/core

2/core