Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Slackware 14.x Security Update: SSA:2017-082-01 Critical XMPP Threat

slackware
Calendar Grey March 24, 2017
Dist Slackware Esm H88
Recent mcabber updates for Slackware address a significant identity theft vulnerability associated with XMPP Message Carbons exploitation.
New mcabber packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mcabber-1.0.5-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue: An incorrect implementation of XEP-0280: Message Carbons in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. For more information, see: https://www.cve.org/CVERecord?id=CVE-2017-5604 (* Security fix *)

Topics%20covered

Topics Covered

security advisory critical social engineering Slackware impersonation XMPP

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mcabber-1.0.5-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mcabber-1.0.5-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mcabber-1.0.5-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mcabber-1.0.5-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mcabber-1.0.5-i586-1_slack14.2.txz
Updated package for Slackw...

Read the Full Advisory

MD5 Signatures

Slackware 14.0 package: 3c346e3477d698b3c925849ec92a77a9 mcabber-1.0.5-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 2a3a39371b176e73c2cdc0ea66a187ee mcabber-1.0.5-x86_64-1_slack14.0.txz
Slackware 14.1 package: 3aa13a8ea5326e265fcbbd798830f2cd mcabber-1.0.5-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: dad55307a2cb12b40b74a2e05ea9ba19 mcabber-1.0.5-x86_64-1_slack14.1.txz
Slackware 14.2 package: 764519e670ea2f4a6eec0d7d964e1aa8 mcabber-1.0.5-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: be63fce2708395a76b5af665047b8b54 mcabber-1.0.5-x86_64-1_slack14.2.txz
Slackware -current package: 82761c1dcf7f0641c3bfc91034f324fc n/mcabber-1.0.5-i586-1.txz
Slackware x86_64 -current package: a6605073494ea1ded0813c15faa57545 n/mcabber-1.0.5-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory critical social engineering Slackware impersonation XMPP

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg mcabber-1.0.5-i586-1_slack14.2.txz

Related News

Your message here