
Fedora 29: FEDORA-2019-0eb6d51f81 Critical: Dino Message Source Issues

September 19, 2019
Fedora 29 has issued an update addressing three critical security vulnerabilities in the dino chat client, highlighting their importance for user data security and software dependability.
Update dino to [a96c8014](https://github.com/dino/dino/compare/016ab2c1...a96c8014), which addresses three CVEs.

Summary

A modern XMPP ("Jabber") chat client using GTK+/Vala.

Update dino to [a96c8014](https://github.com/dino/dino/compare/016ab2c1...a96c8014), which addresses three CVEs.

CVE-2019-16235
==============

Dino did not properly check the source of message carbons.

https://nvd.nist.gov/vuln/detail/CVE-2019-16235

Fixed in https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930

CVE-2019-16236
==============

Dino did not check roster push authorization.

https://nvd.nist.gov/vuln/detail/CVE-2019-16236

Fixed in https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9

CVE-2019-16237
==============

Dino did not properly check the source of MAM messages.

https://nvd.nist.gov/vuln/detail/CVE-2019-16237

Fixed in https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363
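
The sender checks that the first two CVE descriptions refer to can be illustrated with the rules from XEP-0280 (carbons) and RFC 6121 section 2.1.6 (roster pushes). This is an added example, not Dino's code or its actual fix; the function name `may_process`, the JIDs and the sample stanzas are constructed for illustration, and MAM results are not covered.

```python
import xml.etree.ElementTree as ET

CARBONS_NS = "urn:xmpp:carbons:2"   # XEP-0280
ROSTER_NS = "jabber:iq:roster"      # RFC 6121
CLIENT_NS = "jabber:client"

def may_process(stanza_xml, own_jid):
    """Return False for a carbon or roster push whose sender is not our account.

    Carbons (XEP-0280): 'from' must be our own bare JID.
    Roster push (RFC 6121, 2.1.6): 'from' must be absent or our own bare JID.
    Other stanzas are outside this sketch and pass through unchanged.
    Comparison is exact string equality; a real client normalizes JIDs first.
    """
    stanza = ET.fromstring(stanza_xml)
    sender = stanza.get("from")
    own_bare = own_jid.split("/", 1)[0]  # drop the resource part

    is_carbon = stanza.tag == f"{{{CLIENT_NS}}}message" and any(
        stanza.find(f"{{{CARBONS_NS}}}{kind}") is not None
        for kind in ("received", "sent"))
    if is_carbon:
        return sender == own_bare

    is_roster_push = (stanza.tag == f"{{{CLIENT_NS}}}iq"
                      and stanza.get("type") == "set"
                      and stanza.find(f"{{{ROSTER_NS}}}query") is not None)
    if is_roster_push:
        return sender is None or sender == own_bare
    return True

# Constructed sample stanzas (not captured traffic).
OWN_JID = "alice@example.org/laptop"
CARBON = ("<message xmlns='jabber:client' from='{}'>"
          "<received xmlns='urn:xmpp:carbons:2'/></message>")
PUSH = ("<iq xmlns='jabber:client' type='set' id='p1'{}>"
        "<query xmlns='jabber:iq:roster'/></iq>")

def demo():
    other = "mallory@example.net/x"
    return {
        "carbon_own": may_process(CARBON.format("alice@example.org"), OWN_JID),
        "carbon_other": may_process(CARBON.format(other), OWN_JID),
        "push_no_from": may_process(PUSH.format(""), OWN_JID),
        "push_other": may_process(PUSH.format(f" from='{other}'"), OWN_JID),
    }

if __name__ == "__main__":
    print(demo())
```
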

[ 1 ] Bug #1751851 - CVE-2019-16237: dino does not properly check the source of an MAM messages
https://bugzilla.redhat.com/show_bug.cgi?id=1751851

[ 2 ] Bug #1751849 - CVE-2019-16236: dino does not check roster push authorization
https://bugzilla.redhat.com/show_bug.cgi?id=1751849

[ 3 ] Bug #1751847 - CVE-2019-16235: Dino before does not properly check the source of a carbons
https://bugzilla.redhat.com/show_bug.cgi?id=1751847

To install this update, run su -c 'dnf upgrade --advisory FEDORA-2019-0eb6d51f81' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Severity: critical

Product: Fedora 29
Version: 0.0
Release: 0.12.20190912.git.a96c801.fc29
Summary: Modern XMPP ("Jabber") Chat Client using GTK+/Vala
