GLSA Advocate
Posted: Wed Jul 12, 2017 4:26 pm Post subject: [ GLSA 201707-14 ] Gajim
Gentoo Linux Security Advisory
Title: Gajim: Information disclosure (GLSA 201707-14)
Severity: normal
Exploitable: remote
Date: 2017-07-10
Bug(s): #620146
ID: 201707-14
Synopsis
A vulnerability in Gajim might allow remote attackers to intercept
encrypted communications.
Background
Gajim is a Jabber/XMPP client which uses GTK+.
Affected Packages
Package: net-im/gajim
Vulnerable: < 0.16.6-r1
Unaffected: >= 0.16.6-r1
Architectures: All supported architectures
Description
Gajim unconditionally implements the “XEP-0146: Remote Controlling
Clients” extension.
Impact
Remote attackers, by enticing a user to connect to a malicious XMPP
server, could extract plaintext from Off The Record (OTR) encrypted
sessions.
Workaround
There is no known workaround at this time.
Resolution
All Gajim users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gajim-0.16.6-r1"
References
CVE-2016-10376
Last edited by GLSA on Fri Sep 29, 2017 4:16 am; edited 1 time in total
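The affected range above turns on a Gentoo revision suffix: a host on plain 0.16.6 is still below 0.16.6-r1 and therefore still vulnerable. The following is an added example, not part of the advisory or of Portage, that classifies an inventory of installed net-im/gajim versions against that threshold. The hostnames and sample versions are constructed, and the parser is assumed to see only dotted numeric versions with an optional -rN revision; anything else is flagged for a manual check.

```python
import re

# Threshold from the advisory: net-im/gajim < 0.16.6-r1 is vulnerable.
FIXED_VERSION = "0.16.6-r1"

# Dotted numeric components without leading zeros, optional -rN revision.
_VERSION_RE = re.compile(r"((?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))*)(?:-r(\d+))?")


def parse_version(version):
    """Return ((components...), revision) for a plain numeric Gentoo version."""
    match = _VERSION_RE.fullmatch(version)
    if match is None:
        # Suffixes (_rc, _p, ...), letters and leading zeros need the full
        # Portage comparison rules; refuse instead of guessing.
        raise ValueError("unsupported version syntax: %r" % version)
    components = tuple(int(part) for part in match.group(1).split("."))
    revision = int(match.group(2) or 0)  # no -rN suffix means revision 0
    return components, revision


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when `installed` sorts strictly below the first fixed version."""
    return parse_version(installed) < parse_version(fixed)


def audit(inventory):
    """Map host -> 'vulnerable' / 'ok' / 'manual check' for an inventory."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "vulnerable" if is_vulnerable(version) else "ok"
        except ValueError:
            report[host] = "manual check"
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "desk-01": "0.16.6",      # same upstream release, but before the -r1 fix
    "desk-02": "0.16.6-r1",
    "desk-03": "0.16.5-r2",
    "desk-04": "0.16.8",
    "desk-05": "0.16.7_rc1",  # suffix not handled by this example
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(host, status)
```

On a Gentoo host itself, Portage's own version comparison remains the authoritative answer; this example is for inventories collected elsewhere.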