MGASA-2013-0111
Date: April 6th, 2013
Affected releases: 2
Media: Core
Description:
Updated gajim package fixes security vulnerability:
A security flaw was found in the way Gajim before 0.15.3 performed
verification of invalid (broken / expired) X.509v3 SSL certificates:
the verification callback always returned True, regardless of whether
an error had occurred during certificate validation. A rogue XMPP server
could use this flaw to conduct a man-in-the-middle (MITM) attack and
trick the Gajim client into accepting a certificate that was invalid and
should not have been accepted (CVE-2012-5524).
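As an added example, not code from Gajim or from the Mageia package, the bug class the advisory describes next to its fix: a TLS verify callback in the pyOpenSSL `Context.set_verify` style (signature `(conn, cert, errnum, depth, ok)`) that returns True unconditionally, beside one that honours the verification result. The chain-walk driver and the certificate chains are constructed stand-ins for OpenSSL so the code runs offline; only the `X509_V_*` error codes are real OpenSSL values.

```python
# Real OpenSSL X509_V_* result codes; used by the constructed driver below.
X509_V_OK = 0
X509_V_ERR_CERT_HAS_EXPIRED = 10
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18

def vulnerable_verify_cb(conn, cert, errnum, depth, ok):
    """The flaw the advisory describes: True comes back for every
    certificate, so an error OpenSSL flagged (ok == 0) is overridden and
    the handshake continues with an invalid certificate."""
    return True

def fixed_verify_cb(conn, cert, errnum, depth, ok):
    """Hardened form: honour OpenSSL's verdict. Report the failure for the
    user, but never turn a failed verification into success."""
    if not ok:
        print(f"verify failed at depth {depth}: X509_V error {errnum} "
              f"for {cert['subject']}")
    return bool(ok)

def handshake_accepts(chain, verify_cb):
    """Constructed stand-in for OpenSSL's verify loop: the callback runs
    once per certificate, root first, with the error code OpenSSL would
    report for it; a false return value aborts the handshake."""
    for depth in reversed(range(len(chain))):   # depth 0 is the leaf
        cert = chain[depth]
        errnum = cert["error"]
        ok = 1 if errnum == X509_V_OK else 0
        if not verify_cb(None, cert, errnum, depth, ok):
            return False
    return True

# Constructed chains (leaf first): one valid, two that a correct client
# must reject (an expired leaf, and a self-signed leaf with no CA).
VALID_CHAIN = [
    {"subject": "CN=xmpp.example.org", "error": X509_V_OK},
    {"subject": "CN=Example CA", "error": X509_V_OK},
]
EXPIRED_CHAIN = [
    {"subject": "CN=xmpp.example.org", "error": X509_V_ERR_CERT_HAS_EXPIRED},
    {"subject": "CN=Example CA", "error": X509_V_OK},
]
SELF_SIGNED_CHAIN = [
    {"subject": "CN=xmpp.example.org", "error": X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT},
]

def accepted(chain):
    """(result with the vulnerable callback, result with the fixed one)."""
    return (handshake_accepts(chain, vulnerable_verify_cb),
            handshake_accepts(chain, fixed_verify_cb))
```

With the vulnerable callback every chain is accepted; with the fixed one only `VALID_CHAIN` completes the handshake.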
Updated Packages:
i586:
gajim-0.15.3-1.1.mga2.i586.rpm
gajim-debug-0.15.3-1.1.mga2.i586.rpm
x86_64:
gajim-0.15.3-1.1.mga2.x86_64.rpm
gajim-debug-0.15.3-1.1.mga2.x86_64.rpm
SRPMS:
gajim-0.15.3-1.1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5524
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101107.html
https://bugs.mageia.org/show_bug.cgi?id=9593