Detalji

U radu programskog paketa telepathy-gabble, namijenjenog operacijskom sustavu Fedora 14, uočen je sigurnosni propust. Riječ je o paketu koji ostvaruje podršku za Jabber/XMMP IM protokol. Do nepravilnosti u radu dolazi prilikom obrade PEP alias zahtjeva. Uslijed uspješne zloupotrebe, napadaču će sigurnosna nepravilnost omogućiti rušenje ranjivog sustava. Obzirom da su ispravke opisanog propusta dostupne, svim se korisnicima savjetuje njihova pravovremena instalacija kako bi se zaštitili od potencijalnih problema.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-1668
2011-02-17 00:23:29
--------------------------------------------------------------------------------

Name        : telepathy-gabble
Product     : Fedora 14
Version     : 0.10.5
Release     : 1.fc14
URL         : http://telepathy.freedesktop.org/wiki/
Summary     : A Jabber/XMPP connection manager
Description :
A Jabber/XMPP connection manager, that handles single and multi-user
chats and voice calls.

--------------------------------------------------------------------------------
Update Information:

Security bugfix release that includes the following:
* fd.o #31412: fix crashes during disconnection if a PEP alias request is
in-flight
* fd.o#34048: Malicious contacts can no longer trick Gabble into relaying
audio/video data via a server of their choosing.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 16 2011 Brian Pepple <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.10.5-1
- Update to 0.10.5.
* Tue Nov  2 2010 Brian Pepple <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.10.4-1
- Update to 0.10.4.
- Bump min BR of glib2.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #650206 - Crashes during disconnection if a PEP alias request is
in-flight
        https://bugzilla.redhat.com/show_bug.cgi?id=650206
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update telepathy-gabble' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Idi na vrh