USN-1067-1: Telepathy Gabble vulnerability
17 February 2011
An attacker could send crafted requests to view streamed media content.
Releases
Packages
- telepathy-gabble - Jabber/XMPP connection manager
Details
It was discovered that Gabble did not verify the from field of google
jingleinfo updates. This could allow a remote attacker to perform
machine-in-the-middle attacks (MITM) on streamed media.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 9.10
Ubuntu 10.10
Ubuntu 10.04
After a standard system update you need to restart your session to make all
the necessary changes.