Ubuntu Update For Telepathy-gabble USN-1873-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Maksim Otstavnov discovered that telepathy-gabble incorrectly handled TLS when connecting to legacy jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2013-1431) It was discovered that telepathy-gabble incorrectly handled certain messages. A remote attacker could use this flaw to cause applications using telepathy-gabble to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-1769)

Affected

telepathy-gabble on Ubuntu 13.04 , Ubuntu 12.10 , Ubuntu 12.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-June/002157.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1431, CVE-2013-1769
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for curl USN-2474-1
Ubuntu Update for cups, cupsys vulnerabilities USN-906-1
Ubuntu Update for clamav vulnerability USN-684-1
Ubuntu Update for apache2 vulnerabilities USN-575-1
Ubuntu Update for dovecot USN-1295-1

Ubuntu Update for telepathy-gabble USN-1873-1

Take action and discover your vulnerabilities