13 matches found
Mageia: Security Advisory (MGASA-2013-0170)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : telepathy-gabble (openSUSE-SU-2013:1013-1)
This update of telepathy-gabble fixes a TLS bypass problem. Changes in telepathy-gabble : - Add telepathy-gabble-cve-2013-1431.patch bnc822586. This makes it respect the TLS-required flag on legacy Jabber servers. Identified as CVE-2013-1431. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. T...
CVE-2013-1431
CVE-2013-1431 affects the Wocky submodule in telepathy-gabble (Gabble) prior to 0.16.6 and 0.17.x prior to 0.17.4 when connecting to legacy Jabber servers. The flaw allows bypassing WockyConnector:tls-required and TLS verification, enabling MITM attacks. Fixes are provided in patches and updated ...
[SECURITY] [DSA 2702-1] telepathy-gabble security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2702-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso June 03, 2013 http://www.debian.org/security/faq -...
Ubuntu Update for telepathy-gabble USN-1873-1
Check for the Version of telepathy-gabble OpenVAS Vulnerability Test $Id: gbubuntuUSN18731.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for telepathy-gabble USN-1873-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This progra...
Ubuntu 12.04 LTS / 12.10 / 13.04 : telepathy-gabble vulnerabilities (USN-1873-1)
Maksim Otstavnov discovered that telepathy-gabble incorrectly handled TLS when connecting to legacy jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. CVE-2013-1431 It was discovered that telepathy-gabb...
Ubuntu: Security Advisory (USN-1873-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for telepathy-gabble FEDORA-2013-9794
Check for the Version of telepathy-gabble OpenVAS Vulnerability Test Fedora Update for telepathy-gabble FEDORA-2013-9794 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modi...
Fedora Update for telepathy-gabble FEDORA-2013-9794
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : telepathy-gabble -- TLS verification bypass (a3c2dee5-cdb9-11e2-b9ce-080027019be0)
"Simon McVittie reports : This release fixes a man-in-the-middle attack. If you use an unencrypted connection to a 'legacy Jabber' pre-XMPP server, this version of Gabble will not connect until you make one of these configuration changes : . upgrade the server software to something that supports...
[SECURITY] [DSA 2702-1] telepathy-gabble security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2702-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso June 03, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2702-1 (telepathy-gabble - TLS verification bypass)
Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perfor...
CVE-2013-1431
The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks...