Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
172
security advisoryubuntuman-in-the-middleUbuntu 16.04 LTS: USN-4506-1 Critical: MCabber Message Interception
MCabber could be made to modify the roster and intercept messages if it received specially crafted XMPP packets.. =========================================================================Ubuntu Security Notice USN-4506-1 September 16, 2020 mcabber vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: MCabber could be made to modify the roster and intercept messages if it received specially crafted XMPP packets. Software Description: - mcabber: small Jabber (XMPP) console client Details: It was discovered that MCabber does not properly manage roster pushes. An attacker could possibly use this issue to remotely perform man-in-the-middle attacks. (CVE-2016-9928). Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: mcabber 0.10.2-1+deb8u1build0.16.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4506-1 CVE-2016-9928 Package Information: https://launchpad.net/ubuntu/+source/mcabber/0.10.2-1+deb8u1build0.16.04.1 . A security flaw in MCabber permits unauthorized alterations and interception of messages on Ubuntu 16.04. Guidance for updates is included.. mcabber vulnerability, Ubuntu security notice, XMPP packet issue. . Severity: Critical. LinuxSecurity.com Team
Sep 16, 2020
•Critical
Ubuntu
197
security advisorysoftware updatedebianDebian 8 Jessie: DLA-2260-1 Critical: Mcabber Roster Push Attack
It was discovered that there was a "roster push attack" in mcabber, a console-based Jabber (XMPP) client. This is identical to CVE-2015-8688 for gajim. . Package : mcabber Version : 0.10.2-1+deb8u1 CVE ID : CVE-2016-9928 It was discovered that there was a "roster push attack" in mcabber, a console-based Jabber (XMPP) client. This is identical to CVE-2015-8688 for gajim. For Debian 8 "Jessie", this problem has been fixed in version 0.10.2-1+deb8u1. We recommend that you upgrade your mcabber packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . New release of Mcabber, the text-only Jabber client for Debian, addresses critical roster push vulnerability. It is advisable to update promptly to ensure user security.. Mcabber Update, Debian LTS Security, Roster Attack Fix, XMPP Client Security. . Severity: Critical. LinuxSecurity.com Team
Jun 28, 2020
•Critical
Debian LTS
99
security advisorypackage updatesecurity fixUrgent Mcabber MITM Fix for Slackware 14.x Released on 2016-347-02
New mcabber packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mcabber (SSA:2016-347-02) New mcabber packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/loudmouth-1.5.3-i586-1_slack14.2.txz: Upgraded. This update is needed for the mcabber security update. patches/packages/mcabber-1.0.4-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue which can lead to a malicious actor MITMing a conversation, or adding themselves as an entity on a third parties roster (thereby granting themselves the associated priviledges such as observing when the user is online). For more information, see: https://gultsch.de/posts/gajim-roster-push_and-message-interception/ https://www.cve.org/CVERecord?id=CVE-2016-9928 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware 14.2: Updated package for Slackware x86_64 14.2: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 14.0 package: fd38253e79e4b766ad194d4fceaa5d8d mcabber-1.0.4-i486-1_slack14.0.txz Slackware x86_64 14.0 package: c859617864745e03fd527fca1030d518 mcabber-1.0.4-x86_64-1_slack14.0.txz Slackware 14.1 package: d5adbde2cba42fcfa915c07814fb33b5 mcabber-1.0.4-i486-1_slack14.1.txz Slackware x86_64 14.1package: 2af12adcb6691b94edd3f668eb424805 mcabber-1.0.4-x86_64-1_slack14.1.txz Slackware 14.2 package: d2a06d1fd910aecaaa384f115bb58bc3 mcabber-1.0.4-i586-1_slack14.2.txz Slackware x86_64 14.2 package: cda2b990fe27fb3a33039ffd53aad42e mcabber-1.0.4-x86_64-1_slack14.2.txz Slackware -current package: a2b3fc780a5013e96aee9924bac333c9 n/mcabber-1.0.4-i586-1.txz Slackware x86_64 -current package: e212a2abac6dd59728869361651ecdc7 n/mcabber-1.0.4-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mcabber-1.0.4-i586-1_slack14.2.txz A new loudmouth package is also provided. Be sure to update this as well. +-----+ . Stay informed about mcabber updates on Slackware to address critical communication concerns stemming from security vulnerabilities. Upgrade immediately!. mcabber update, Slackware security, communication fix, MITM vulnerability. . Severity: Critical. LinuxSecurity.com Team
Dec 12, 2016
•Critical
Slackware
89
security advisoryupdateFedoraFedora 23: Latest Security Update Released For Mcabber Chat Client
update. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-7da97a3914 2016-12-11 16:19:11.675039 -------------------------------------------------------------------------------- Name : mcabber Product : Fedora 23 Version : 1.0.4 Release : 1.fc23 URL : https://mcabber.com Summary : Console Jabber instant messaging client Description : mcabber is a console Jabber instant messaging/chat client with SSL support, MUC (Multi-User Chat) support, history logging, commands completion, and external action triggers. -------------------------------------------------------------------------------- Update Information: update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1397220 - mcabber-1.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1397220 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade mcabber' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Dec 11, 2016
•Important
Fedora
89
security advisoryupdateFedoraFedora 24: Security Update on Mcabber Instant Messaging Client
update. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-30f68ec06b 2016-12-11 16:19:33.990660 -------------------------------------------------------------------------------- Name : mcabber Product : Fedora 24 Version : 1.0.4 Release : 1.fc24 URL : https://mcabber.com Summary : Console Jabber instant messaging client Description : mcabber is a console Jabber instant messaging/chat client with SSL support, MUC (Multi-User Chat) support, history logging, commands completion, and external action triggers. -------------------------------------------------------------------------------- Update Information: update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1397220 - mcabber-1.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1397220 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade mcabber' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Dec 11, 2016
•Important
Fedora
89
security advisoryfedoraupdateFedora 25 Mcabber Security Advisory: Updates for Instant Messaging Client
update. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-e865601498 2016-12-11 16:19:57.246617 -------------------------------------------------------------------------------- Name : mcabber Product : Fedora 25 Version : 1.0.4 Release : 1.fc25 URL : https://mcabber.com Summary : Console Jabber instant messaging client Description : mcabber is a console Jabber instant messaging/chat client with SSL support, MUC (Multi-User Chat) support, history logging, commands completion, and external action triggers. -------------------------------------------------------------------------------- Update Information: update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1397220 - mcabber-1.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1397220 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade mcabber' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Dec 11, 2016
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!