Lucene search
Gentoo FoundationMGASA-2013-0170HistoryJun 18, 2013 - 6:56 p.m.
Updated telepathy-gabble package fixes security vulnerability
2013-06-1818:56:53
Gentoo Foundation
advisories.mageia.org
6
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.9%
Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perform a man-in-the-middle attack.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 2 | noarch | telepathy-gabble | < 0.16.6-1 | telepathy-gabble-0.16.6-1.mga2 |
| Mageia | 3 | noarch | telepathy-gabble | < 0.17.4-1 | telepathy-gabble-0.17.4-1.mga3 |
Related
nessus
nessus
Debian DSA-2702-1 : telepathy-gabble - TLS verification bypass
2013-06-05 00:00:00
Fedora 18 : telepathy-gabble-0.16.6-1.fc18 (2013-9794)
2013-07-12 00:00:00
openSUSE Security Update : telepathy-gabble (openSUSE-SU-2013:1013-1)
2014-06-13 00:00:00
securityvulns
securityvulns
telepathy-gabbleprotection bypass
2013-06-17 00:00:00
[SECURITY] [DSA 2702-1] telepathy-gabble security update
2013-06-17 00:00:00
prion
prion
Authentication flaw
2013-09-23 20:55:00
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0170)
2022-01-28 00:00:00
Fedora Update for telepathy-gabble FEDORA-2013-9794
2013-06-10 00:00:00
osv
osv
telepathy-gabble - TLS verification bypass
2013-06-03 00:00:00
nvd
nvd
CVE-2013-1431
2013-09-23 20:55:07
debian
debian
[SECURITY] [DSA 2702-1] telepathy-gabble security update
2013-06-03 18:40:47
[SECURITY] [DSA 2702-1] telepathy-gabble security update
2013-06-03 18:40:47
freebsd
freebsd
telepathy-gabble -- TLS verification bypass
2013-05-27 00:00:00
debiancve
debiancve
CVE-2013-1431
2013-09-23 20:55:07
cvelist
cvelist
CVE-2013-1431
2013-09-23 20:00:00
cve
cve
CVE-2013-1431
2013-09-23 20:55:07
fedora
fedora
[SECURITY] Fedora 18 Update: telepathy-gabble-0.16.6-1.fc18
2013-06-09 02:25:45
ubuntucve
ubuntucve
CVE-2013-1431
2013-05-30 00:00:00
ubuntu
ubuntu
telepathy-gabble vulnerabilities
2013-06-12 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.9%
Related for MGASA-2013-0170