USN-1873-1: telepathy-gabble vulnerabilities

Publication date

12 June 2013

Overview

Several security issues were fixed in telepathy-gabble.


Packages

Details

Maksim Otstavnov discovered that telepathy-gabble incorrectly handled
TLS when connecting to legacy jabber servers. If a remote attacker were
able to perform a machine-in-the-middle attack, this flaw could be exploited to
view sensitive information. (CVE-2013-1431)

It was discovered that telepathy-gabble incorrectly handled certain
messages. A remote attacker could use this flaw to cause applications using
telepathy-gabble to crash, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-1769)

Maksim Otstavnov discovered that telepathy-gabble incorrectly handled
TLS when connecting to legacy jabber servers. If a remote attacker were
able to perform a machine-in-the-middle attack, this flaw could be exploited to
view sensitive information. (CVE-2013-1431)

It was discovered that telepathy-gabble incorrectly handled certain
messages. A remote attacker could use this flaw to cause applications using
telepathy-gabble to crash, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-1769)

Update instructions

After a standard system update you need to restart your session to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
13.04 raring telepathy-gabble –  0.16.5-0ubuntu1.1
12.10 quantal telepathy-gabble –  0.16.1-2ubuntu0.1
12.04 precise telepathy-gabble –  0.16.0-0ubuntu3.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›