openSUSE-SU-2019:0163-1

Опубликовано: 23 мар. 2019

Источник: suse-cvrf

Описание

Security update for python-slixmpp

This update for python-slixmpp fixes the following issue:

Security issue fixed:

CVE-2019-1000021: Fixed incorrect Access Control vulnerability in XEP-0223 plugin (bsc#1124322)

Список пакетов

openSUSE Leap 15.0

python3-slixmpp-1.3.0-lp150.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/W7P3GHNLBJCIJZH25GNB7WHAOXB54LRZ/#W7P3GHNLBJCIJZH25GNB7WHAOXB54LRZ
E-Mail link for openSUSE-SU-2019:0163-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1124322
SUSE Bug 1124322
https://www.suse.com/security/cve/CVE-2019-1000021/
SUSE CVE CVE-2019-1000021 page

Описание

slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2.

Затронутые продукты

openSUSE Leap 15.0:python3-slixmpp-1.3.0-lp150.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-1000021.html
CVE-2019-1000021
https://bugzilla.suse.com/1124322
SUSE Bug 1124322

openSUSE-SU-2019:0163-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2019-1000021

Описание

Затронутые продукты

Ссылки