CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
82.7%
New mcabber packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/loudmouth-1.5.3-i586-1_slack14.2.txz: Upgraded.
This update is needed for the mcabber security update.
patches/packages/mcabber-1.0.4-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue which can lead to a malicious actor
MITMing a conversation, or adding themselves as an entity on a third
parties roster (thereby granting themselves the associated priviledges
such as observing when the user is online).
For more information, see:
https://gultsch.de/gajim_roster_push_and_message_interception.html
https://vulners.com/cve/CVE-2016-9928
(* Security fix *)
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mcabber-1.0.4-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mcabber-1.0.4-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mcabber-1.0.4-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mcabber-1.0.4-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mcabber-1.0.4-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mcabber-1.0.4-x86_64-1_slack14.2.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mcabber-1.0.4-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/mcabber-1.0.4-x86_64-1.txz
MD5 signatures:
Slackware 14.0 package:
fd38253e79e4b766ad194d4fceaa5d8d mcabber-1.0.4-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
c859617864745e03fd527fca1030d518 mcabber-1.0.4-x86_64-1_slack14.0.txz
Slackware 14.1 package:
d5adbde2cba42fcfa915c07814fb33b5 mcabber-1.0.4-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
2af12adcb6691b94edd3f668eb424805 mcabber-1.0.4-x86_64-1_slack14.1.txz
Slackware 14.2 package:
d2a06d1fd910aecaaa384f115bb58bc3 mcabber-1.0.4-i586-1_slack14.2.txz
Slackware x86_64 14.2 package:
cda2b990fe27fb3a33039ffd53aad42e mcabber-1.0.4-x86_64-1_slack14.2.txz
Slackware -current package:
a2b3fc780a5013e96aee9924bac333c9 n/mcabber-1.0.4-i586-1.txz
Slackware x86_64 -current package:
e212a2abac6dd59728869361651ecdc7 n/mcabber-1.0.4-x86_64-1.txz
Installation instructions:
Upgrade the package as root:
> upgradepkg mcabber-1.0.4-i586-1_slack14.2.txz
A new loudmouth package is also provided. Be sure to update this as well.
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
82.7%