USN-1067-1: Telepathy Gabble vulnerability

17 February 2011

An attacker could send crafted requests to view streamed media content.

Releases

Packages

  • telepathy-gabble - Jabber/XMPP connection manager

Details

It was discovered that Gabble did not verify the from field of google
jingleinfo updates. This could allow a remote attacker to perform man
in the middle attacks (MITM) on streamed media.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 10.10
Ubuntu 10.04

After a standard system update you need to restart your session to make all
the necessary changes.