ArchLinux: 201702-11: kdenetwork-kopete: content spoofing
Summary
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks.
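One receiving-side rule from XEP-0280 that bears on this class of bug, shown as an added example (not code from Kopete or from the advisory): a carbon copy must be ignored unless the wrapping stanza comes from the user's own bare JID. The function names, JIDs and stanzas below are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # brevity only; a client uses its stream parser

CARBONS = "{urn:xmpp:carbons:2}"
FORWARD = "{urn:xmpp:forward:0}"
CLIENT = "{jabber:client}"


def bare_jid(jid):
    """Drop the resource part; lower-casing is a simplification of JID comparison."""
    return jid.split("/", 1)[0].lower()


def accept_message(stanza_xml, own_jid):
    """Return (sender, body) to display, or None when the stanza must be ignored."""
    msg = ET.fromstring(stanza_xml)
    outer_from = msg.get("from", "")
    carbon = msg.find(CARBONS + "received")
    if carbon is None:
        carbon = msg.find(CARBONS + "sent")
    if carbon is None:
        # Ordinary message: show it under the sender stamped on the stanza itself.
        return outer_from, msg.findtext(CLIENT + "body")
    # XEP-0280: a carbon is only valid when it comes from our own bare JID.
    if outer_from.lower() != bare_jid(own_jid):
        return None
    inner = carbon.find(FORWARD + "forwarded/" + CLIENT + "message")
    if inner is None:
        return None
    # Only now may the wrapped sender be trusted for display.
    return inner.get("from", ""), inner.findtext(CLIENT + "body")


def carbon_from(outer_from):
    """Build a constructed 'received' carbon whose wrapper claims outer_from."""
    return (
        f'<message xmlns="jabber:client" from="{outer_from}" to="romeo@example.net/laptop">'
        '<received xmlns="urn:xmpp:carbons:2"><forwarded xmlns="urn:xmpp:forward:0">'
        '<message xmlns="jabber:client" from="juliet@example.com/balcony" to="romeo@example.net">'
        "<body>constructed sample text</body></message>"
        "</forwarded></received></message>"
    )


OWN_JID = "romeo@example.net/laptop"  # constructed account, not from the advisory

if __name__ == "__main__":
    print(accept_message(carbon_from("romeo@example.net"), OWN_JID))      # shown
    print(accept_message(carbon_from("mallory@example.org/x"), OWN_JID))  # dropped
```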
Resolution
Upgrade to 16.12.2-2.
# pacman -Syu "kdenetwork-kopete>=16.12.2-2"
The problem has been fixed upstream but no release is available yet.
References
https://www.openwall.com/lists/oss-security/2017/02/09/29
https://security.archlinux.org/CVE-2017-5593
Workaround
None.