openSUSE-SU-2017:0531-1

Опубликовано: 21 фев. 2017

Источник: suse-cvrf

Описание

Security update for profanity

This update for profanity fixes the following issues:

Changes in profanity:

CVE-2017-5592: The incorrect message carbons implementation that could allow user impersonification was fixed (boo#1024696)

Список пакетов

openSUSE Leap 42.1

profanity-0.5.0-4.1

profanity-mini-0.5.0-4.1

profanity-standard-0.5.0-4.1

openSUSE Leap 42.2

profanity-0.5.0-4.1

profanity-mini-0.5.0-4.1

profanity-standard-0.5.0-4.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-02/msg00097.html
E-Mail link for openSUSE-SU-2017:0531-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0).

Затронутые продукты

openSUSE Leap 42.1:profanity-0.5.0-4.1

openSUSE Leap 42.1:profanity-mini-0.5.0-4.1

openSUSE Leap 42.1:profanity-standard-0.5.0-4.1

openSUSE Leap 42.2:profanity-0.5.0-4.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-5592.html
CVE-2017-5592
https://bugzilla.suse.com/1024696
SUSE Bug 1024696

openSUSE-SU-2017:0531-1

Описание

Список пакетов

openSUSE Leap 42.1

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2017-5592

Описание

Затронутые продукты

Ссылки