openSUSE-SU-2017:1506-1

Опубликовано: 08 июн. 2017

Источник: suse-cvrf

Описание

Security update for gajim

This update for gajim fixes the following issues:

CVE-2016-10376: XEP-0146 extension can be abused by malicious XMPP servers (boo#1041163).
Update to version 0.16.7:
- Better compatibility with XEP-0191: Blocking Command.
- Gajim now depends on python-gnupg for PGP encryption.
- Remove usage of demandimport.
- Many minor bugfixes.
Move python-farstream-0_1 to Suggests.
Correct the licence to GPL-3.0.

Список пакетов

openSUSE Leap 42.2

gajim-0.16.7-2.3.1

gajim-lang-0.16.7-2.3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-06/msg00020.html
E-Mail link for openSUSE-SU-2017:1506-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.

Затронутые продукты

openSUSE Leap 42.2:gajim-0.16.7-2.3.1

openSUSE Leap 42.2:gajim-lang-0.16.7-2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-10376.html
CVE-2016-10376
https://bugzilla.suse.com/1041163
SUSE Bug 1041163

openSUSE-SU-2017:1506-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2016-10376

Описание

Затронутые продукты

Ссылки