From Mageia wiki

MGASA-2013-0111

Date: April 6th, 2013
Affected releases: 2
Media: Core


Description:
Updated gajim package fixes a security vulnerability:

A security flaw was found in the way Gajim before 0.15.3 verified
invalid (broken or expired) X.509v3 SSL certificates: the check always
returned True, regardless of whether an error occurred during
certificate validation. A rogue XMPP server could use this flaw to
conduct a man-in-the-middle (MiTM) attack and trick the Gajim client
into accepting a certificate even when it was invalid and should not
have been accepted (CVE-2012-5524).
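
The flaw class described above, modelled as an added example (this is not Gajim's code and not part of the advisory): a per-certificate verify callback that always returns True, beside one that passes the library's verdict through. The callback signature follows the OpenSSL-style verify callback as exposed by pyOpenSSL; the driver function, the class and the sample chains are constructed assumptions.

```python
# Simplified model: the TLS library calls the verify callback once per
# certificate in the chain and aborts the handshake when it returns False.
X509_V_OK = 0
X509_V_ERR_CERT_HAS_EXPIRED = 10  # OpenSSL verification error code


def always_true_callback(conn, cert, errnum, depth, ok):
    """Flawed pattern: True is returned regardless of the validation error."""
    return True


class StrictVerifier:
    """Hardened pattern: return the library's verdict and record failures."""

    def __init__(self):
        self.errors = []  # (depth, errnum, subject) for each failed check

    def callback(self, conn, cert, errnum, depth, ok):
        if not ok:
            self.errors.append((depth, errnum, cert))
        return bool(ok)


def handshake_accepts(callback, chain_checks):
    """Hypothetical driver standing in for the library's chain walk.

    chain_checks lists (subject, errnum) from the root down to the leaf,
    so the leaf certificate is reported at depth 0.
    """
    depth = len(chain_checks) - 1
    for subject, errnum in chain_checks:
        ok = errnum == X509_V_OK
        if not callback(None, subject, errnum, depth, ok):
            return False  # handshake aborted
        depth -= 1
    return True


# Constructed sample chains (subjects are placeholders, not real servers).
VALID_CHAIN = [("CN=Example CA", X509_V_OK),
               ("CN=xmpp.example.org", X509_V_OK)]
EXPIRED_CHAIN = [("CN=Example CA", X509_V_OK),
                 ("CN=xmpp.example.org", X509_V_ERR_CERT_HAS_EXPIRED)]

if __name__ == "__main__":
    strict = StrictVerifier()
    print("always-true accepts expired:",
          handshake_accepts(always_true_callback, EXPIRED_CHAIN))
    print("strict accepts expired:",
          handshake_accepts(strict.callback, EXPIRED_CHAIN), strict.errors)
```

When reviewing a client for this flaw class, check that the callback's return value depends on the `ok` argument and that any override of a failed check is an explicit user decision.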


Updated Packages:
i586:
gajim-0.15.3-1.1.mga2.i586.rpm
gajim-debug-0.15.3-1.1.mga2.i586.rpm

x86_64:
gajim-0.15.3-1.1.mga2.x86_64.rpm
gajim-debug-0.15.3-1.1.mga2.x86_64.rpm

SRPMS:
gajim-0.15.3-1.1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5524
http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101107.html
https://bugs.mageia.org/show_bug.cgi?id=9593