drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in telepathy-gabble
Name: |
Zwei Probleme in telepathy-gabble |
|
ID: |
USN-1873-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 |
|
Datum: |
Mi, 12. Juni 2013, 18:04 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1769 |
|
Applikationen: |
telepathy-gabble |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============0199844306931553552== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigC8A3BAB1A3D8A02377C23EAF"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigC8A3BAB1A3D8A02377C23EAF Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1873-1 June 12, 2013
telepathy-gabble vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in telepathy-gabble.
Software Description: - telepathy-gabble: Jabber/XMPP connection manager
Details:
Maksim Otstavnov discovered that telepathy-gabble incorrectly handled TLS when connecting to legacy jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2013-1431)
It was discovered that telepathy-gabble incorrectly handled certain messages. A remote attacker could use this flaw to cause applications using telepathy-gabble to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-1769)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.04: telepathy-gabble 0.16.5-0ubuntu1.1
Ubuntu 12.10: telepathy-gabble 0.16.1-2ubuntu0.1
Ubuntu 12.04 LTS: telepathy-gabble 0.16.0-0ubuntu3.1
After a standard system update you need to restart your session to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1873-1 CVE-2013-1431, CVE-2013-1769
Package Information: https://launchpad.net/ubuntu/+source/telepathy-gabble/0.16.5-0ubuntu1.1 https://launchpad.net/ubuntu/+source/telepathy-gabble/0.16.1-2ubuntu0.1 https://launchpad.net/ubuntu/+source/telepathy-gabble/0.16.0-0ubuntu3.1
--------------enigC8A3BAB1A3D8A02377C23EAF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJRuIeqAAoJEGVp2FWnRL6T2HkQALQEk7BpIwFohM7kCZFen6DW cpjiTmNUphwaG3OcoePV4Or1TIdhKGiu8R7I3s/vkOZl7zlCuL87/ACVUNT8DrDd h7EPY3lXjF3XTyo7dlg6HH1tnnUyrkLPVrLEnh5RGTSPXmTmfXkjI0Ydb6k1n3jJ b8Eo5Z6U4LE76Z/QorWfrv7ETFrey7TPMK25X6BqPuU5LoneHM0Xf2GuiqNIxhcT bu26+3KYnu58b7xoF817e/8y1iD8pfOzegBVwIlVlzoXmSQ5evvecWINHPg9Dpqx OyK2FJ/sJdpUBE3JhcwCQHwpIDOoh0wgktyMQppXeK568tDDAO6XAebj9Wf3g46k ohvdOqVUbi7SDKnvFVZi0+xhfxGsRLk95ct24E8Zc32mUHmzSaYhFcvjqDwm22h1 hSoDFZipy7+e01bYu50y9uH6mfpE2mpetSgjW+DZyEn+xcute9k3U6mEuDf8RkvD 0zoArH8yV9CyPZtUp0EaP0cfx2S3SkCCYumdUSduaPeSDzK7pXFB7JoVZHtUwaJ7 X/D71CWcS9JivBsBSctKgH5gWW3kPlaH7J1UvlwyVcZzJ6FGi7wH8CTELaq5fCYS oWG9rjRkSfJPWkDySqUXSh2+JxJUb1e7iz2YdyUqqWvRGPIRvrx4I3f6R96xNGD2 H4ci36txMuVdJBNTcHZk =MQga -----END PGP SIGNATURE-----
--------------enigC8A3BAB1A3D8A02377C23EAF--
--===============0199844306931553552== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0199844306931553552==--
|
|
|
|