13 matches found
Debian DLA-2260-1 : mcabber security update
It was discovered that there was a 'roster push attack' in mcabber, a console-based Jabber XMPP client. This is identical to CVE-2015-8688 for gajim. For Debian 8 'Jessie', this problem has been fixed in version 0.10.2-1+deb8u1. We recommend that you upgrade your mcabber packages. NOTE: Tenable...
openSUSE Security Update : mcabber (openSUSE-2016-1502)
This update for mcabber fixes the following issues : - Update to version 1.0.4 changes since 1.0.2 : - Check the origin of roster pushes boo1014976, CVE-2015-8688 Gajim, https://gultsch.de/gajimrosterpushandmessageinterce ption.html - Link with the tinfo library. - Fix default modules directory o...
Fedora 23 : gajim-0.16.5-1.fc23 (2016-c82e5c322c)
Version 0.16.5 of Gajim has been released. What's new since 0.16.4: Improve Message Archive Management implementation Improve security on connexion and for roster management CVE-2015-8688 Full changelog: http://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog List of fixed bugs:...
Fedora 22 : gajim-0.16.5-1.fc22 (2016-838200213e)
Version 0.16.5 of Gajim has been released. What's new since 0.16.4: Improve Message Archive Management implementation Improve security on connexion and for roster management CVE-2015-8688 Full changelog: http://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog List of fixed bugs:...
[SECURITY] [DSA 3492-1] gajim security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3492-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez February 25, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 413-1] gajim security update
Package : gajim Version : 0.13.4-3+squeeze4 CVE ID : CVE-2015-8688 Debian Bug : 809900 Affected versions of gajim allow remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. This has been fixed in squeeze-lts by version 0.13.4-3+squeeze4. - -- Brian May...
Mageia: Security Advisory (MGASA-2016-0046)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2016-0046 Updated gajim packages fix security vulnerability
Gajim before 0.16.5 doesn't verify the origin of roster pushes thus allowing third parties to modify the roster via a man-in-the-middle attack CVE-2015-8688...
openSUSE Security Update : gajim (openSUSE-2016-29)
This update to gajim 0.16.5 fixes the following security issues : - CVE-2015-8688: Message interception due to unverified origin of roster push - Improve security on connexion and for roster managment boo960668 The following on-security improvements were added : - Improve MAM implementation. -...
CVE-2015-8688
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...
CVE-2015-8688
CVE-2015-8688 affects Gajim prior to 0.16.5. The root cause is failure to verify the origin of roster-push IQ stanzas, allowing an attacker to spoof roster updates and intercept messages. Public advisories and vendor releases indicate upgrading to Gajim 0.16.5 (or respective patched package versi...
CVE-2015-8688
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza...
KLA10742 Security bypass vulnerability in Gajim
An unspecified vulnerability was found in Gajim. By exploiting this vulnerability malicious users can modify roster and intercept messages. This vulnerability can be exploited remotely via a specially designed roster-push IQ stanza. Original advisories - Related products Gajim CVE list...