=========================================================================
Ubuntu Security Notice USN-4506-1
September 16, 2020

mcabber vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

MCabber could be made to modify the roster and intercept messages if it
received specially crafted XMPP packets.

Software Description:
- mcabber: small Jabber (XMPP) console client

Details:

It was discovered that MCabber does not properly manage roster pushes.
An attacker could possibly use this issue to remotely perform
man-in-the-middle attacks. (CVE-2016-9928)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  mcabber 0.10.2-1+deb8u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4506-1
  CVE-2016-9928

Package Information:
  https://launchpad.net/ubuntu/+source/mcabber/0.10.2-1+deb8u1build0.16.04.1

LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-c82e5c322c
2016-01-14 05:19:12.843438
--------------------------------------------------------------------------------

Name        : gajim
Product     : Fedora 23
Version     : 0.16.5
Release     : 1.fc23
URL         : https://gajim.org/
Summary     : Jabber client written in PyGTK
Description :
Gajim is a Jabber client written in PyGTK. The goal of Gajim's developers is
to provide a full featured and easy to use xmpp client for the GTK+ users.
Gajim does not require GNOME to run, even though it exists with it nicely.

--------------------------------------------------------------------------------
Update Information:

Version 0.16.5 of Gajim has been released. What's new since 0.16.4:
* Improve Message Archive Management implementation
* Improve security on connexion and for roster management (CVE-2015-8688)

Full changelog: List of fixed bugs: ;milestone=0.16.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1295476 - CVE-2015-8688 gajim: Message interception due to unverified origin of roster push [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1295476
  [ 2 ] Bug #1294552 - gajim-0.16.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1294552
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update gajim' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
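
Both notices trace back to a roster push whose origin is not verified. The check that RFC 6121 section 2.1.6 requires of a receiving client (honour a push only when it has no 'from' or 'from' is the account's own bare JID) is sketched below as an added example; it is not code from MCabber, Gajim or either advisory. The function names, JIDs and stanzas are constructed for illustration, and JID comparison is simplified to lower-casing.

```python
import xml.etree.ElementTree as ET

ROSTER_NS = "jabber:iq:roster"
QUERY = f"{{{ROSTER_NS}}}query"
ITEM = f"{{{ROSTER_NS}}}item"

def bare_jid(jid):
    # Drop the resource. Simplification: real clients normalise with PRECIS/stringprep.
    return jid.split("/", 1)[0].lower()

def is_roster_push(iq):
    # A roster push is an <iq type='set'> carrying a jabber:iq:roster <query/>.
    local_name = iq.tag.rsplit("}", 1)[-1]
    return local_name == "iq" and iq.get("type") == "set" and iq.find(QUERY) is not None

def origin_is_trusted(iq, own_jid):
    # RFC 6121 section 2.1.6: accept only if 'from' is absent or is our own bare JID.
    sender = iq.get("from")
    return sender is None or sender.lower() == bare_jid(own_jid)

def handle_stanza(xml_text, own_jid, roster):
    """Apply a roster push to `roster` (dict jid -> subscription) only if trusted."""
    iq = ET.fromstring(xml_text)
    if not is_roster_push(iq):
        return "not-a-roster-push"
    if not origin_is_trusted(iq, own_jid):
        return "ignored"  # a client should drop the stanza here and may log the sender
    for item in iq.find(QUERY).findall(ITEM):
        if item.get("subscription") == "remove":
            roster.pop(item.get("jid"), None)
        else:
            roster[item.get("jid")] = item.get("subscription", "none")
    return "applied"

# Constructed sample stanzas (not captured traffic).
OWN_JID = "alice@example.org/laptop"
PUSH_FROM_SERVER = ("<iq xmlns='jabber:client' type='set' id='a1'>"
                    "<query xmlns='jabber:iq:roster'>"
                    "<item jid='bob@example.org' subscription='both'/></query></iq>")
PUSH_FROM_OTHER = ("<iq xmlns='jabber:client' type='set' id='x9' from='mallory@example.net/pc'>"
                   "<query xmlns='jabber:iq:roster'>"
                   "<item jid='mallory@example.net' subscription='both'/></query></iq>")

if __name__ == "__main__":
    roster = {}
    print(handle_stanza(PUSH_FROM_SERVER, OWN_JID, roster), roster)
    print(handle_stanza(PUSH_FROM_OTHER, OWN_JID, roster), roster)
```

The second stanza leaves the roster unchanged because its 'from' is another entity's JID; a push carrying the user's own full JID (with a resource) is rejected as well, since the RFC names the bare JID only.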