Advisories » MGASA-2017-0166

Updated gajim packages fix security vulnerability

Publication date: 10 Jun 2017
Modification date: 10 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10376

Description

Gajim unconditionally implements the "XEP-0146: Remote Controlling
Clients" extension, which may be abused by malicious XMPP servers to,
for example, extract plaintext from OTR encrypted sessions
(CVE-2016-10376).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20962
• http://openwall.com/lists/oss-security/2017/05/28/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376

SRPMS

5/core

• gajim-0.16.5-1.1.mga5