MGASA-2013-0144
Date: | May 10th, 2013 |
Affected releases: | 2 |
Media: | Core |
Description:
Updated telepathy-idle package fixes security vulnerability:
In versions prior to 0.1.15, telepathy-idle does not check the server's
SSL/TLS certificate for validity. A network intermediary could use this
flaw to carry out man-in-the-middle attacks on IRC users (CVE-2007-6746).
The telepathy-idle package has been updated to version to 0.1.16 to fix
this issue as well as several other bugs.
Updated Packages:
i586:
telepathy-idle-0.1.16-1.mga2.i586.rpm
telepathy-idle-debug-0.1.16-1.mga2.i586.rpm
x86_64:
telepathy-idle-0.1.16-1.mga2.x86_64.rpm
telepathy-idle-debug-0.1.16-1.mga2.x86_64.rpm
SRPMS:
telepathy-idle-0.1.16-1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6746
http://lists.freedesktop.org/archives/telepathy/2013-May/006434.html
http://lists.freedesktop.org/archives/telepathy/2013-April/006431.html
https://bugs.freedesktop.org/show_bug.cgi?id=63810
http://lists.freedesktop.org/archives/telepathy/2012-November/006304.html
http://lists.freedesktop.org/archives/telepathy/2012-November/006303.html
http://lists.freedesktop.org/archives/telepathy/2012-August/006220.html
https://bugs.mageia.org/show_bug.cgi?id=9931