Описание
Security update for gajim
This update to gajim 0.16.5 fixes the following security issues:
- CVE-2015-8688: Message interception due to unverified origin of roster push - Improve security on connexion and for roster managment (boo#960668)
The following on-security improvements were added:
- Improve MAM implementation.
- Ability for emoticons to be sorted in menu.
Список пакетов
openSUSE Leap 42.1
gajim-0.16.5-4.1
gajim-lang-0.16.5-4.1
Ссылки
- E-Mail link for openSUSE-SU-2016:0102-1
- SUSE Security Ratings
Описание
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.
Затронутые продукты
openSUSE Leap 42.1:gajim-0.16.5-4.1
openSUSE Leap 42.1:gajim-lang-0.16.5-4.1
Ссылки
- CVE-2015-8688
- SUSE Bug 1014976
- SUSE Bug 960668