Thursday, May 9, 2013

[USN-1821-1] telepathy-idle vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRi7iqAAoJEGVp2FWnRL6TOWQP/jXO7AuYSkCiw3YYAJskgwz8
UPj4sYEMO6VQgTZf58eqtYDxlnElmyaNQJmCtWvk6FKDr/6OF6cw/Im0Al/1iZCB
Drc+nzuVzTGBj93a29C+zGhI+2muwCiKFdFUnAPwmrZFcaWgvJp0LIspaVypTUJg
Qyp1xeAn63C2T7rkGl70LlpTejeG0MPw7hso084iQgAsJ5vN5lP9JZUEpXiLp/zE
+6bU4D5fzNL7vfPx0ZswYYU/35hVjeDnBCujTp4hrkh8X9myBMToyrRpYUEul38Z
CItRJR6l5+JMbvmukEVceEXwRs0lgxu5en4Dou5uxjNFh0S0A1lecJMYpN+BUnXD
IIXT6U9bkTEVVNsXCUBpP7ENSUPc15LBYj+q2U3Mi4voayIZqHBi0VPoxnG/iqxG
bNSV6h9iedGTCASi7Dxwu29WtK0+OB3U3TDVm5BpNbf72IKuRE312ayw4/4jUSxz
HHgXeHFdcYnCoPJXkl/4Wc9AETL8dQ0nQkA1ryFld0r0oegOjO1ekNlrSJzVacS8
VIuMw6s36+SqmSR0sh12uFhwPJWhznGPYfIZxUAaP4xInuusRR/QSns5JO+7DOwl
hMkjoVmCvrrG9BhBP4r0eIK87LHBfsml1vjrHhJCBajMa+LlsYeMUFgl2sqaK/TF
9xFL0KkpZh7kpLaqxLLW
=NjZw
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1821-1
May 09, 2013

telepathy-idle vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

telepathy-idle could be made to expose sensitive information over the
network.

Software Description:
- telepathy-idle: IRC connection manager for Telepathy

Details:

It was discovered that telepathy-idle did not perform any server
certificate validation when using SSL connections. If a remote attacker
were able to perform a man-in-the-middle attack, this flaw could be
exploited to alter or compromise confidential information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
telepathy-idle 0.1.14-1ubuntu0.1

Ubuntu 12.10:
telepathy-idle 0.1.12-1ubuntu0.1

Ubuntu 12.04 LTS:
telepathy-idle 0.1.11-2ubuntu0.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1821-1
CVE-2007-6746

Package Information:
https://launchpad.net/ubuntu/+source/telepathy-idle/0.1.14-1ubuntu0.1
https://launchpad.net/ubuntu/+source/telepathy-idle/0.1.12-1ubuntu0.1
https://launchpad.net/ubuntu/+source/telepathy-idle/0.1.11-2ubuntu0.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)