Ubuntu 1067-1: Telepathy Gabble vulnerability

    Date17 Feb 2011
    CategoryUbuntu
    79
    Posted ByLinuxSecurity Advisories
    It was discovered that Gabble did not verify the from field of google jingleinfo updates. This could allow a remote attacker to perform man in the middle attacks (MITM) on streamed media.
    ===========================================================
    Ubuntu Security Notice USN-1067-1         February 17, 2011
    telepathy-gabble vulnerability
    https://launchpad.net/bugs/720201
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 9.10
    Ubuntu 10.04 LTS
    Ubuntu 10.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 9.10:
      telepathy-gabble                0.8.7-1ubuntu1.1
    
    Ubuntu 10.04 LTS:
      telepathy-gabble                0.8.12-0ubuntu1.1
    
    Ubuntu 10.10:
      telepathy-gabble                0.10.0-1ubuntu0.1
    
    After a standard system update you need to restart your session to make all
    the necessary changes.
    
    Details follow:
    
    It was discovered that Gabble did not verify the from field of google
    jingleinfo updates. This could allow a remote attacker to perform man
    in the middle attacks (MITM) on streamed media.
    
    
    Updated packages for Ubuntu 9.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.7-1ubuntu1.1.diff.gz
          Size/MD5:    13990 351f08742f5f0ef7f90e8a750578e4e6
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.7-1ubuntu1.1.dsc
          Size/MD5:     2553 6eac46deafcf04a43accfc7fb1a07b3a
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.7.orig.tar.gz
          Size/MD5:  1480819 1ab5505b5410f79438a886097db7c16e
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.8.7-1ubuntu1.1_amd64.deb
          Size/MD5:   649224 9a4782cfa2df697de06fa11eb9151e87
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.7-1ubuntu1.1_amd64.deb
          Size/MD5:   365310 3c03bc122de9118996c8c6d70f6609f7
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.8.7-1ubuntu1.1_i386.deb
          Size/MD5:   628852 55d4d2714a44cf52a54b525528dbea1d
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.7-1ubuntu1.1_i386.deb
          Size/MD5:   337922 bfec94d872420b6fac30c01477497a09
    
      armel architecture (ARM Architecture):
    
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.8.7-1ubuntu1.1_armel.deb
          Size/MD5:   628220 a615df74072df46b513da927f31ee019
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.7-1ubuntu1.1_armel.deb
          Size/MD5:   346390 7e527b84cc82934ef364827625c0677e
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.8.7-1ubuntu1.1_lpia.deb
          Size/MD5:   643428 482b5341331957a169a1bf41366c840f
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.7-1ubuntu1.1_lpia.deb
          Size/MD5:   328280 c04413760c8c1d0d5c522e0b80218166
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.8.7-1ubuntu1.1_powerpc.deb
          Size/MD5:   655522 47807b94c25c2e3c294b178c05cdf847
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.7-1ubuntu1.1_powerpc.deb
          Size/MD5:   345494 45e6da12c8d0e66946550515d701bfd5
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.8.7-1ubuntu1.1_sparc.deb
          Size/MD5:   583200 96d0f25f7d139fab0ea9efcaff56d2e2
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.7-1ubuntu1.1_sparc.deb
          Size/MD5:   331466 514a0c9dce3af6e618330fa221b00c4f
    
    Updated packages for Ubuntu 10.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.12-0ubuntu1.1.diff.gz
          Size/MD5:    10969 bced372df48c20f3c8f19a61c5511057
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.12-0ubuntu1.1.dsc
          Size/MD5:     2580 7b16f1de82f1577bf264330c17d164a2
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.12.orig.tar.gz
          Size/MD5:  1520808 c344165154fe1642bd176e9a38e9ecce
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.8.12-0ubuntu1.1_amd64.deb
          Size/MD5:   658714 7456b882950cd45d3cfd9c438aec4a31
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.12-0ubuntu1.1_amd64.deb
          Size/MD5:   374550 7cc95dfcbdd3dedce37fc42559cf9bc6
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.8.12-0ubuntu1.1_i386.deb
          Size/MD5:   638488 febdb1ee17671b884138e50f55e8c657
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.12-0ubuntu1.1_i386.deb
          Size/MD5:   339056 770ef642261faf4e8fc4bbc6044f5e22
    
      armel architecture (ARM Architecture):
    
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.8.12-0ubuntu1.1_armel.deb
          Size/MD5:   648626 19c7e520d2afc6600007778e3d548de9
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.12-0ubuntu1.1_armel.deb
          Size/MD5:   339056 12b9603a1a05349fe92d4b3b7a299924
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.8.12-0ubuntu1.1_powerpc.deb
          Size/MD5:   662726 26cc6d6f5bf18a810fb500f578e0d90b
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.12-0ubuntu1.1_powerpc.deb
          Size/MD5:   349868 260b54bcadf671943f5e9561d1941483
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.8.12-0ubuntu1.1_sparc.deb
          Size/MD5:   596414 c47815983951bb05f2c39234e56960d3
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble_0.8.12-0ubuntu1.1_sparc.deb
          Size/MD5:   351046 dec1577b62b081e02ee87eb9fe824694
    
    Updated packages for Ubuntu 10.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.10.0-1ubuntu0.1.debian.tar.gz
          Size/MD5:    12071 931b9d3d19180d1f0fc13b1e7e1a4544
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.10.0-1ubuntu0.1.dsc
          Size/MD5:     2577 ba76f8cc9997b81bf2b63c1e6f7dbe2f
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.10.0.orig.tar.gz
          Size/MD5:  2939986 3c34d0bf73c69a33015aab68cef5cad6
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.10.0-1ubuntu0.1_amd64.deb
          Size/MD5:  1173588 6ae25fd58b8439c03fc54647443cc97f
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.10.0-1ubuntu0.1_amd64.deb
          Size/MD5:   612642 759ce0e0ce14eef720114d2732ca9645
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.10.0-1ubuntu0.1_i386.deb
          Size/MD5:  1134694 e5bdbf43f2e09167083da335479ec933
        http://security.ubuntu.com/ubuntu/pool/main/t/telepathy-gabble/telepathy-gabble_0.10.0-1ubuntu0.1_i386.deb
          Size/MD5:   556366 0b0bf128fb049ce924f7c8fe6cfa8972
    
      armel architecture (ARM Architecture):
    
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.10.0-1ubuntu0.1_armel.deb
          Size/MD5:  1155908 6e26dd2437b2ba15fa7c6de28360472d
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble_0.10.0-1ubuntu0.1_armel.deb
          Size/MD5:   571668 dbba6096e42ca724b0333f8e45f27b2f
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble-dbg_0.10.0-1ubuntu0.1_powerpc.deb
          Size/MD5:  1183558 6b247e291498f6f91bf63bcab93f8162
        http://ports.ubuntu.com/pool/main/t/telepathy-gabble/telepathy-gabble_0.10.0-1ubuntu0.1_powerpc.deb
          Size/MD5:   576834 60c969b4008225d7e18115c238415975
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":53.49,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.63,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":34.88,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.