MGASA-2013-0096
| Date: | March 16rd, 2013 |
| Affected releases: | 2 |
| Media: | Core |
Description:
Updated telepathy-gabble packages fix security vulnerability:
NULL pointer dereference in telepathy-gabble before 0.16.5 which causes a
crash when processing weirdly-shaped data forms in caps query replies. This
bug can be triggered by any XMPP user who knows the bare JID of a user of a
vulnerable client, without needing to be authorized to see that user's
presence (CVE-2013-1769).
The telepathy-gabble package has been updated to version to 0.16.5 to fix
this issue as well as several other bugs.
Updated Packages:
i586:
telepathy-gabble-0.16.5-1.mga2.i586.rpm
telepathy-gabble-debug-0.16.5-1.mga2.i586.rpm
x86_64:
telepathy-gabble-0.16.5-1.mga2.x86_64.rpm
telepathy-gabble-debug-0.16.5-1.mga2.x86_64.rpm
SRPMS:
telepathy-gabble-0.16.5-1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1769
http://lists.freedesktop.org/archives/telepathy/2013-March/006379.html
https://bugs.freedesktop.org/show_bug.cgi?id=61433
http://lists.freedesktop.org/archives/telepathy/2013-March/006377.html
http://lists.freedesktop.org/archives/telepathy/2012-November/006299.html
http://lists.freedesktop.org/archives/telepathy/2012-September/006234.html
http://lists.freedesktop.org/archives/telepathy/2012-August/006224.html
http://lists.freedesktop.org/archives/telepathy/2012-June/006145.html
https://bugs.mageia.org/show_bug.cgi?id=9316
