-------------------------------------------------------------------------
Debian Security Advisory DSA-3943-1

Gajim, a GTK+-based XMPP/Jabber client, unconditionally implements the "XEP-0146: Remote Controlling Clients" extension, allowing a malicious XMPP server to trigger commands that leak private conversations from encrypted sessions. With this update, XEP-0146 support has been disabled by default.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-62547837ba
2017-06-15 02:56:58.025328
--------------------------------------------------------------------------------
Name        : gajim
Product     : Fedora 24
Version     : 0.16.8
Release     : 1.fc24
URL         : https://gajim.org/
Summary     : Jabber client written in PyGTK
Description :
Gajim is a Jabber client written in PyGTK. The goal of Gajim's developers is to provide a full-featured and easy-to-use XMPP client for GTK+ users. Gajim does not require GNOME to run, even though it coexists with it nicely.
--------------------------------------------------------------------------------
Update Information:

Gajim 0.16.8
* Fix rejoining MUCs after connection loss
* Fix Groupchat invites
* Fix encoding problems with newer GnuPG versions
* Fix old messages randomly reappearing in the chat window
* Fix some problems with IBB filetransfer
* Make XEP-0146 Commands opt-in
* Improve sending messages to your own resources
* Improve reliability of delivery receipts
* Many minor bugfixes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1456364 - CVE-2016-10376 gajim: XEP-0146 makes it possible to extract plain-text from OTR sessions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1456364
  [ 2 ] Bug #1458616 - gajim-0.16.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1458616
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade gajim' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Arch Linux Security Advisory ASA-201706-4
=========================================

Severity: High
Date    : 2017-06-05
CVE-ID  : CVE-2016-10376
Package : gajim
Type    : information disclosure
Remote  : Yes
Link    : https://security.archlinux.org/AVG-284

Summary
=======

The package gajim before version 0.16.8-1 is vulnerable to information disclosure.

Resolution
==========

Upgrade to 0.16.8-1.

# pacman -Syu "gajim>=0.16.8-1"

The problem has been fixed upstream in version 0.16.8.

Workaround
==========

None.

Description
===========

Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.

Impact
======

A malicious XMPP server can extract user session data by leveraging the XEP-0146 (remote controlling clients) feature, which is enabled by default in the affected versions.

References
==========

https://security.archlinux.org/CVE-2016-10376
-------------------------------------------------------------------------
Debian LTS Security Advisory

Package        : gajim
Version        : 0.15.1-4.1+deb7u3
CVE ID         : CVE-2016-10376
Debian Bug     : 863445

Gajim implements XEP-0146, an XMPP extension to run commands remotely from another client. However, it was found that malicious servers can trigger commands, which could lead to leaking private conversations from encrypted sessions. To solve this, XEP-0146 support has been disabled by default.

For Debian 7 "Wheezy", these problems have been fixed in version 0.15.1-4.1+deb7u3.

We recommend that you upgrade your gajim packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
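The advisories above say a malicious server can "trigger commands" but do not show what such a request looks like or why the fix is "opt-in" rather than an origin check. The following is an added example written for this page, not Gajim's code: it parses XEP-0146 requests (which ride on XEP-0050 ad-hoc commands, with command nodes under http://jabber.org/protocol/rc, including rc#forward, "Forward Unread Messages") and contrasts a permissive policy with a hardened one. The JIDs and stanzas are constructed. The important caveat is built into the hardened policy: the user's own server stamps the 'from' attribute on inbound stanzas, so a "same account only" check does not stop a malicious server; only leaving the feature off does.

```python
"""Policy check for XEP-0146 "Remote Controlling Clients" requests.

XEP-0146 commands ride on XEP-0050 ad-hoc commands: an <iq type='set'> carrying a
<command xmlns='http://jabber.org/protocol/commands'/> whose 'node' lies under
'http://jabber.org/protocol/rc'. The rc#forward node ("Forward Unread Messages")
asks the client to hand over messages it holds, including ones received inside an
end-to-end encrypted session that the client has already decrypted.

Two policies are contrasted on constructed stanzas: a permissive one that executes
any remote-control request (the pre-0.16.8 behaviour the advisories describe) and a
hardened one that keeps the feature off unless opted in and, when on, only honours
requests from another resource of the user's own account.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

NS_COMMANDS = "http://jabber.org/protocol/commands"
NS_RC = "http://jabber.org/protocol/rc"

# Constructed sample stanzas (not captured traffic). They are shown without the
# jabber:client default namespace, as they appear when cut out of a stream.
MY_JID = "alice@example.net/phone"
FORWARD_FROM_SERVER = (
    "<iq type='set' from='example.net' to='alice@example.net/phone' id='rc1'>"
    f"<command xmlns='{NS_COMMANDS}' node='{NS_RC}#forward' action='execute'/></iq>"
)
FORWARD_FROM_OWN_RESOURCE = (
    "<iq type='set' from='alice@example.net/desktop' to='alice@example.net/phone' id='rc2'>"
    f"<command xmlns='{NS_COMMANDS}' node='{NS_RC}#forward' action='execute'/></iq>"
)
FORWARD_FROM_STRANGER = (
    "<iq type='set' from='mallory@evil.example/x' to='alice@example.net/phone' id='rc3'>"
    f"<command xmlns='{NS_COMMANDS}' node='{NS_RC}#forward' action='execute'/></iq>"
)
ORDINARY_MESSAGE = (
    "<message from='bob@example.net/laptop' to='alice@example.net/phone'><body>hi</body></message>"
)


@dataclass(frozen=True)
class Decision:
    accepted: bool
    reason: str


def local_name(tag: str) -> str:
    """'{ns}iq' -> 'iq'; a tag without a namespace is returned unchanged."""
    return tag.rsplit("}", 1)[-1]


def bare_jid(jid: str) -> str:
    """'user@host/resource' -> 'user@host'."""
    return jid.split("/", 1)[0]


def remote_control_request(stanza_xml: str):
    """Return (node, sender) if the stanza is a XEP-0146 command request, else None."""
    root = ET.fromstring(stanza_xml)
    if local_name(root.tag) != "iq" or root.get("type") != "set":
        return None
    cmd = root.find(f"{{{NS_COMMANDS}}}command")
    if cmd is None or not cmd.get("node", "").startswith(NS_RC):
        return None
    return cmd.get("node"), root.get("from", "")


def permissive_policy(stanza_xml: str) -> Decision:
    """Execute every remote-control request, whoever sent it."""
    found = remote_control_request(stanza_xml)
    if found is None:
        return Decision(False, "not a remote-control request")
    node, sender = found
    return Decision(True, f"execute {node} for {sender or '<server>'}")


def hardened_policy(stanza_xml: str, my_jid: str, remote_control_enabled: bool = False) -> Decision:
    """Off by default; when on, accept only from another resource of the same account.

    Limit of the origin check: the user's own server stamps 'from' on inbound
    stanzas, so a malicious server can forge it. Against that attacker the only
    effective control is leaving the feature disabled.
    """
    found = remote_control_request(stanza_xml)
    if found is None:
        return Decision(False, "not a remote-control request")
    node, sender = found
    if not remote_control_enabled:
        return Decision(False, "XEP-0146 disabled (opt-in)")
    # A bare JID or a domain as sender is the server speaking, not a sibling client.
    if "/" not in sender or bare_jid(sender) != bare_jid(my_jid):
        return Decision(False, f"{sender or '<server>'} is not a resource of {bare_jid(my_jid)}")
    return Decision(True, f"execute {node} for {sender}")


def run_scenarios() -> dict:
    """Evaluate the constructed stanzas under both policies."""
    return {
        "permissive_server": permissive_policy(FORWARD_FROM_SERVER).accepted,
        "hardened_default_server": hardened_policy(FORWARD_FROM_SERVER, MY_JID).accepted,
        "hardened_optin_server": hardened_policy(FORWARD_FROM_SERVER, MY_JID, True).accepted,
        "hardened_optin_own_resource": hardened_policy(FORWARD_FROM_OWN_RESOURCE, MY_JID, True).accepted,
        "hardened_optin_stranger": hardened_policy(FORWARD_FROM_STRANGER, MY_JID, True).accepted,
        "hardened_optin_message": hardened_policy(ORDINARY_MESSAGE, MY_JID, True).accepted,
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:30s} {'ACCEPT' if accepted else 'reject'}")
```

Only the own-resource request is executed under the hardened policy, and only after opting in; the request stamped with the server's own domain is rejected even then, which is the case the advisories describe.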
-------------------------------------------------------------------------
Debian Security Advisory DSA-3492-2

The wheezy part of the previous gajim update, DSA-3492-1, was incorrectly built, resulting in an unsatisfiable dependency. This update corrects that problem. For reference, the original advisory text follows.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-838200213e
2016-01-14 05:18:49.941744
--------------------------------------------------------------------------------
Name        : gajim
Product     : Fedora 22
Version     : 0.16.5
Release     : 1.fc22
URL         : https://gajim.org/
Summary     : Jabber client written in PyGTK
Description :
Gajim is a Jabber client written in PyGTK. The goal of Gajim's developers is to provide a full-featured and easy-to-use XMPP client for GTK+ users. Gajim does not require GNOME to run, even though it coexists with it nicely.
--------------------------------------------------------------------------------
Update Information:

Version 0.16.5 of Gajim has been released. What's new since 0.16.4:
* Improve Message Archive Management implementation
* Improve security on connection and for roster management (CVE-2015-8688)
Full changelog:
List of fixed bugs: ;milestone=0.16.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1295476 - CVE-2015-8688 gajim: Message interception due to unverified origin of roster push [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1295476
  [ 2 ] Bug #1294552 - gajim-0.16.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1294552
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update gajim' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-c82e5c322c
2016-01-14 05:19:12.843438
--------------------------------------------------------------------------------
Name        : gajim
Product     : Fedora 23
Version     : 0.16.5
Release     : 1.fc23
URL         : https://gajim.org/
Summary     : Jabber client written in PyGTK
Description :
Gajim is a Jabber client written in PyGTK. The goal of Gajim's developers is to provide a full-featured and easy-to-use XMPP client for GTK+ users. Gajim does not require GNOME to run, even though it coexists with it nicely.
--------------------------------------------------------------------------------
Update Information:

Version 0.16.5 of Gajim has been released. What's new since 0.16.4:
* Improve Message Archive Management implementation
* Improve security on connection and for roster management (CVE-2015-8688)
Full changelog:
List of fixed bugs: ;milestone=0.16.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1295476 - CVE-2015-8688 gajim: Message interception due to unverified origin of roster push [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1295476
  [ 2 ] Bug #1294552 - gajim-0.16.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1294552
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update gajim' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Arch Linux Security Advisory ASA-201601-3
=========================================

Severity: Medium
Date    : 2016-01-09
CVE-ID  : CVE-2015-8688
Package : gajim
Type    : man-in-the-middle
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======

The package gajim before version 0.16.5-1 is vulnerable to man-in-the-middle.

Resolution
==========

Upgrade to 0.16.5-1.

# pacman -Syu "gajim>=0.16.5-1"

The problem has been fixed upstream in version 0.16.5.

Workaround
==========

None.

Description
===========

It was found that gajim does not verify the origin of roster pushes, thus allowing third parties to modify the roster. This allows an attacker to intercept messages, resulting in a man-in-the-middle position.

Impact
======

A remote attacker is able to intercept messages because the origin of roster pushes is not verified, resulting in a man-in-the-middle.

References
==========

https://access.redhat.com/security/cve/CVE-2015-8688
https://gultsch.de/posts/gajim-roster-push_and-message-interception/
https://bugs.archlinux.org/task/47647
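The advisory states the defect (roster pushes applied without checking their origin) but not the rule a client must apply. RFC 6121 section 2.1.6 is explicit: a roster push is an <iq type='set'> carrying <query xmlns='jabber:iq:roster'>, and the client MUST ignore it unless it has no 'from' attribute or 'from' equals the user's own bare JID. The following added example (written for this page, not Gajim's code) contrasts a handler that applies every push with one that enforces that rule. The roster contents, JIDs and stanzas are constructed; the spoofed push inserts the attacker's JID under a trusted contact's display name, which is one way such a roster change leads to message interception.

```python
"""Origin check for roster pushes (RFC 6121 section 2.1.6).

A roster push is an <iq type='set'> carrying <query xmlns='jabber:iq:roster'>.
Only the user's own server may push roster changes, and it does so either with
no 'from' attribute or with 'from' equal to the user's bare JID. RFC 6121 tells
the client to ignore anything else; a client that applies every push lets any
remote account rewrite the roster, for instance by inserting its own JID under a
trusted contact's display name so the user's next message goes to the attacker.

Two handlers are contrasted on constructed stanzas: apply_push_unchecked (the
behaviour the advisory describes for gajim before 0.16.5) and apply_push_checked.
"""
import xml.etree.ElementTree as ET

NS_ROSTER = "jabber:iq:roster"

# Constructed sample data (not captured traffic). Stanzas are shown without the
# jabber:client default namespace, as they appear when cut out of a stream.
MY_JID = "alice@example.net/phone"
INITIAL_ROSTER = {"bob@example.net": {"name": "Bob", "subscription": "both"}}

# A third-party account pushes an item that will be displayed as "Bob".
SPOOFED_PUSH = (
    "<iq type='set' from='mallory@evil.example/x' to='alice@example.net/phone' id='r1'>"
    f"<query xmlns='{NS_ROSTER}'><item jid='mallory@evil.example' name='Bob' subscription='both'/></query></iq>"
)
# Legitimate pushes: no 'from' at all, or 'from' equal to the user's bare JID.
LEGIT_PUSH_NO_FROM = (
    "<iq type='set' to='alice@example.net/phone' id='r2'>"
    f"<query xmlns='{NS_ROSTER}'><item jid='carol@example.net' name='Carol' subscription='to'/></query></iq>"
)
LEGIT_PUSH_BARE_FROM = (
    "<iq type='set' from='alice@example.net' to='alice@example.net/phone' id='r3'>"
    f"<query xmlns='{NS_ROSTER}'><item jid='bob@example.net' subscription='remove'/></query></iq>"
)


def local_name(tag: str) -> str:
    """'{ns}iq' -> 'iq'; a tag without a namespace is returned unchanged."""
    return tag.rsplit("}", 1)[-1]


def bare_jid(jid: str) -> str:
    """'user@host/resource' -> 'user@host'."""
    return jid.split("/", 1)[0]


def parse_roster_push(stanza_xml: str):
    """Return (sender or None, [(jid, name, subscription), ...]); None if not a roster push."""
    root = ET.fromstring(stanza_xml)
    if local_name(root.tag) != "iq" or root.get("type") != "set":
        return None
    query = root.find(f"{{{NS_ROSTER}}}query")
    if query is None:
        return None
    items = [(it.get("jid"), it.get("name"), it.get("subscription"))
             for it in query.findall(f"{{{NS_ROSTER}}}item")]
    return root.get("from"), items


def _apply(roster: dict, items) -> None:
    """Merge pushed items into the roster; subscription='remove' deletes the entry."""
    for jid, name, subscription in items:
        if subscription == "remove":
            roster.pop(jid, None)
        else:
            roster[jid] = {"name": name, "subscription": subscription}


def apply_push_unchecked(roster: dict, stanza_xml: str) -> bool:
    """Vulnerable behaviour: apply the push whoever sent it."""
    parsed = parse_roster_push(stanza_xml)
    if parsed is None:
        return False
    _apply(roster, parsed[1])
    return True


def apply_push_checked(roster: dict, stanza_xml: str, my_jid: str) -> bool:
    """RFC 6121 section 2.1.6: accept only if 'from' is absent or equals our bare JID."""
    parsed = parse_roster_push(stanza_xml)
    if parsed is None:
        return False
    sender, items = parsed
    if sender is not None and sender != bare_jid(my_jid):
        return False  # MUST ignore: not from our own server
    _apply(roster, items)
    return True


def run_scenarios() -> dict:
    """Feed the same pushes to both handlers, each starting from INITIAL_ROSTER."""
    unchecked = dict(INITIAL_ROSTER)
    checked = dict(INITIAL_ROSTER)
    return {
        "unchecked_applies_spoof": apply_push_unchecked(unchecked, SPOOFED_PUSH),
        "unchecked_has_mallory": "mallory@evil.example" in unchecked,
        "checked_rejects_spoof": apply_push_checked(checked, SPOOFED_PUSH, MY_JID),
        "checked_has_mallory": "mallory@evil.example" in checked,
        "checked_accepts_no_from": apply_push_checked(checked, LEGIT_PUSH_NO_FROM, MY_JID),
        "checked_accepts_bare_from": apply_push_checked(checked, LEGIT_PUSH_BARE_FROM, MY_JID),
        "checked_final_roster": sorted(checked),
    }


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name:28s} {value}")
```

After the three pushes, the checked roster contains only carol@example.net: the spoofed entry never got in, and the two pushes from the user's own server (one without 'from', one with the bare JID) were applied, including the removal of bob@example.net. The unchecked handler accepted the attacker's "Bob" entry.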