USN-1873-1: telepathy-gabble vulnerabilities
12 June 2013
Several security issues were fixed in telepathy-gabble.
- telepathy-gabble - Jabber/XMPP connection manager
Maksim Otstavnov discovered that telepathy-gabble incorrectly handled
TLS when connecting to legacy jabber servers. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could be exploited to
view sensitive information. (CVE-2013-1431)
It was discovered that telepathy-gabble incorrectly handled certain
messages. A remote attacker could use this flaw to cause applications using
telepathy-gabble to crash, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-1769)
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to restart your session to make all
the necessary changes.