Security vulnerabilities have been found in the telepathy-gabble and telepathy-glib packages distributed with the Fedora 15 operating system. Telepathy-gabble and telepathy-glib are part of the Telepathy framework and provide support for the Jabber/XMPP IM protocols. "google:jingleinfo" update notifications were found to be handled incorrectly, because the source of the notification is not verified. An attacker can exploit the flaw to intercept all audio and video calls. Fixed versions of the packages are available, and all users are advised to install them.
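The missing origin check on "google:jingleinfo" pushes, shown as an added C example that is not code from telepathy-gabble or from this advisory. All function and struct names are hypothetical, and the rule for a trusted sender (no `from`, the account's bare JID, or the account's server domain) is an assumption based on how XMPP server pushes are normally addressed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not Gabble's code; every name here is hypothetical.
 * Assumes both JIDs were already normalised by the XMPP library. */
struct relay_config { char relay_host[64]; };

/* A push may change call-relay settings only if it comes from our own
 * server: no 'from', our bare JID, or our server's domain. */
bool jingleinfo_sender_is_trusted(const char *from, const char *own_jid)
{
    if (from == NULL || *from == '\0')
        return true;
    size_t bare_len = strcspn(own_jid, "/");          /* drop the resource */
    const char *at = memchr(own_jid, '@', bare_len);
    if (at == NULL)
        return false;                      /* malformed account: fail closed */
    const char *domain = at + 1;
    size_t domain_len = bare_len - (size_t)(domain - own_jid);
    size_t from_len = strlen(from);
    if (from_len == bare_len && memcmp(from, own_jid, bare_len) == 0)
        return true;
    return from_len == domain_len && memcmp(from, domain, domain_len) == 0;
}

/* Behaviour the advisory describes: the relay is accepted from any sender. */
bool apply_push_unchecked(struct relay_config *cfg, const char *from,
                          const char *own_jid, const char *relay)
{
    (void)from; (void)own_jid;             /* sender is never looked at */
    snprintf(cfg->relay_host, sizeof cfg->relay_host, "%s", relay);
    return true;
}

/* Hardened form: drop the push unless the sender is trusted. */
bool apply_push_checked(struct relay_config *cfg, const char *from,
                        const char *own_jid, const char *relay)
{
    if (!jingleinfo_sender_is_trusted(from, own_jid))
        return false;
    snprintf(cfg->relay_host, sizeof cfg->relay_host, "%s", relay);
    return true;
}
```
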

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-1284
2011-02-11 04:15:02
--------------------------------------------------------------------------------

Name        : telepathy-gabble
Product     : Fedora 15
Version     : 0.11.7
Release     : 1.fc15
URL         : http://telepathy.freedesktop.org/wiki/
Summary     : A Jabber/XMPP connection manager
Description :
A Jabber/XMPP connection manager, that handles single and multi-user
chats and voice calls.

--------------------------------------------------------------------------------
Update Information:

Telepathy-Gabble changes, including a security fix:
* fd.o#32390: Gabble now treats a request for a ContactSearch channel with
Server set to the empty string as equivalent to not specifying a server, and
rejects requests where the JID specified for Server is invalid.
* fd.o#32874: Offline contacts are now assumed to support 1-1 text channels.
* fd.o#34048: Malicious contacts can no longer trick Gabble into relaying
audio/video data via a server of their choosing.
* fd.o#32815: fallback-conference-server now defaults to
conference.telepathy.im. Thus, if the user's server doesn't have a conference
component configured, upgrading a 1-1 chat into an ad-hoc conference still
works.
* fd.o#11291: support for xep-0092, Software Version.
* fd.o#33471: support for the FileTransfer.URI property.

Telepathy-Glib Enhancements include:
* Many doc fixes, including: TpBaseClientClass is now included;
INCOMING_MESSAGES is now explained.
* Compiler flags reordered (clang is order-sensitive) to allow static analysis.
* Account Channel Requests now give you access to the originating
TpChannelRequest.
* The speculative debug cache may now be disabled at compile time.
tp_debug_sender_add_message_vprintf and tp_debug_sender_add_message_printf added
to allow callers who care about optimisation to reduce debug overhead.
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update telepathy-gabble' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-1284
2011-02-11 04:15:02
--------------------------------------------------------------------------------

Name        : telepathy-glib
Product     : Fedora 15
Version     : 0.13.13
Release     : 1.fc15
URL         : http://telepathy.freedesktop.org/wiki/FrontPage
Summary     : GLib bindings for Telepathy
Description :
Telepathy-glib is the glib bindings for the telepathy unified framework
for all forms of real time conversations, including instant messaging, IRC,
voice calls and video calls.

--------------------------------------------------------------------------------
Update Information:

Telepathy-Gabble changes, including a security fix:
* fd.o#32390: Gabble now treats a request for a ContactSearch channel with
Server set to the empty string as equivalent to not specifying a server, and
rejects requests where the JID specified for Server is invalid.
* fd.o#32874: Offline contacts are now assumed to support 1-1 text channels.
* fd.o#34048: Malicious contacts can no longer trick Gabble into relaying
audio/video data via a server of their choosing.
* fd.o#32815: fallback-conference-server now defaults to
conference.telepathy.im. Thus, if the user's server doesn't have a conference
component configured, upgrading a 1-1 chat into an ad-hoc conference still
works.
* fd.o#11291: support for xep-0092, Software Version.
* fd.o#33471: support for the FileTransfer.URI property.

Telepathy-Glib Enhancements include:
* Many doc fixes, including: TpBaseClientClass is now included;
INCOMING_MESSAGES is now explained.
* Compiler flags reordered (clang is order-sensitive) to allow static analysis.
* Account Channel Requests now give you access to the originating
TpChannelRequest.
* The speculative debug cache may now be disabled at compile time.
tp_debug_sender_add_message_vprintf and tp_debug_sender_add_message_printf added
to allow callers who care about optimisation to reduce debug overhead.
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update telepathy-glib' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------