Ubuntu Update For Telepathy-gabble USN-1873-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Maksim Otstavnov discovered that telepathy-gabble incorrectly handled TLS when connecting to legacy jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2013-1431) It was discovered that telepathy-gabble incorrectly handled certain messages. A remote attacker could use this flaw to cause applications using telepathy-gabble to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-1769)

Affected

telepathy-gabble on Ubuntu 13.04 , Ubuntu 12.10 , Ubuntu 12.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-June/002157.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1431, CVE-2013-1769

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for bzip2 USN-1308-1
Ubuntu Update for dbus USN-2352-1
Ubuntu Update for avahi vulnerability USN-1084-1
Ubuntu Update for bind9 USN-1163-1
Ubuntu Update for curl USN-1894-1

Ubuntu Update for telepathy-gabble USN-1873-1

Take action and discover your vulnerabilities