Updated telepathy-gabble package fixes security vulnerability
Publication date: 18 Jun 2013Modification date: 18 Jun 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-1431
Description
Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perform a man-in-the-middle attack.
References
SRPMS
2/core
- telepathy-gabble-0.16.6-1.mga2
3/core
- telepathy-gabble-0.17.4-1.mga3