exploitDog

openSUSE-SU-2022:10242-1

Опубликовано: 10 дек. 2022

Источник: suse-cvrf

Описание

Security update for python-slixmpp

This update for python-slixmpp fixes the following issues:

CVE-2022-45197: Fixed certificate hostname validation (boo#1205433)

Список пакетов

SUSE Package Hub 15 SP4

python3-slixmpp-1.4.2-bp154.2.3.1

openSUSE Leap 15.4

python3-slixmpp-1.4.2-bp154.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HEPLQSEZKJOMWR57SHWYRWJJTW2H32LD/
E-Mail link for openSUSE-SU-2022:10242-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1205433
SUSE Bug 1205433
https://www.suse.com/security/cve/CVE-2022-45197/
SUSE CVE CVE-2022-45197 page

Описание

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.

Затронутые продукты

SUSE Package Hub 15 SP4:python3-slixmpp-1.4.2-bp154.2.3.1

openSUSE Leap 15.4:python3-slixmpp-1.4.2-bp154.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-45197.html
CVE-2022-45197
https://bugzilla.suse.com/1205433
SUSE Bug 1205433