USN-1250-1: Empathy vulnerabilities

28 October 2011

empathy vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS

Summary

Empathy could be made to run programs or display webpages via specially crafted nicknames.

Software Description

  • empathy - GNOME multi-protocol chat and call client

Details

It was discovered that a cross-site scripting (XSS) vulnerability in the Adium theme allows remote attackers to inject arbitrary javascript or HTML via a crafted nickname in XMPP group conversations.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10
empathy - 3.2.0.1-0ubuntu1.1
Ubuntu 11.04
empathy - 2.34.0-0ubuntu3.2
Ubuntu 10.10
empathy - 2.32.1-0ubuntu1.2
Ubuntu 10.04 LTS
empathy - 2.30.3-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.

References