openSUSE-SU-2017:0515-1

Опубликовано: 20 фев. 2017

Источник: suse-cvrf

Описание

Security update for mcabber

mcabber was updated to 1.0.5 to fix the following issues:

Much better performances with huge rosters.
Fix an issue with carbons (CVE-2017-5589, boo#1024690).
Fix a small memory leak.
contrib/vim: Support reloading filetype detection.

Список пакетов

openSUSE Leap 42.2

mcabber-1.0.5-6.1

mcabber-devel-1.0.5-6.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-02/msg00094.html
E-Mail link for openSUSE-SU-2017:0515-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno (0.8.6 - 0.8.8; Android).

Затронутые продукты

openSUSE Leap 42.2:mcabber-1.0.5-6.1

openSUSE Leap 42.2:mcabber-devel-1.0.5-6.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-5589.html
CVE-2017-5589
https://bugzilla.suse.com/1024687
SUSE Bug 1024687
https://bugzilla.suse.com/1024696
SUSE Bug 1024696
https://bugzilla.suse.com/1024736
SUSE Bug 1024736

openSUSE-SU-2017:0515-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2017-5589

Описание

Затронутые продукты

Ссылки