===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2016.0501.2
                           gajim security update
                             29 February 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           gajim
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Provide Misleading Information -- Remote/Unauthenticated
                   Access Confidential Data       -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-8688

Original Bulletin:
   http://www.debian.org/security/2016/dsa-3492

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running gajim check for an updated version of the software for
         their operating system.

Revision History:  February 29 2016: New update for Wheezy released with
                                     fix for dependency error in original
                                     update
                   February 26 2016: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3492-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 28, 2016                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : gajim
Debian Bug     : 816158

The wheezy part of the previous gajim update, DSA-3492-1, was
incorrectly built resulting in an unsatisfiable dependency. This update
corrects that problem. For reference, the original advisory text
follows.

Daniel Gultsch discovered a vulnerability in Gajim, an XMPP/jabber
client. Gajim didn't verify the origin of roster updates, allowing an
attacker to spoof them and potentially allowing her to intercept
messages.

For the oldstable distribution (wheezy), this problem has been fixed
in version 0.15.1-4.1+deb7u2.

We recommend that you upgrade your gajim packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
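
The origin check that the advisory says was missing, shown as an added example (it is not Gajim's or Debian's code): following RFC 6121 section 2.1.6, a client ignores a roster push unless it carries no 'from' attribute or its 'from' equals the user's own bare JID. The function names, the simplified JID comparison and the sample stanzas are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

ROSTER_NS = "jabber:iq:roster"
Q = f"{{{ROSTER_NS}}}"  # ElementTree namespace prefix for roster elements


def bare_jid(jid):
    # Simplified: drop the resource and lower-case; real clients apply full JID normalisation.
    return jid.split("/", 1)[0].lower()


def is_trusted_roster_push(stanza_xml, own_jid):
    """True only for a roster push whose origin is the user's own account."""
    iq = ET.fromstring(stanza_xml)
    if iq.tag.rsplit("}", 1)[-1] != "iq" or iq.get("type") != "set":
        return False
    if iq.find(Q + "query") is None:
        return False
    sender = iq.get("from")
    # RFC 6121 section 2.1.6: accept a push with no 'from' (implicitly the
    # user's account) or with 'from' equal to the user's bare JID; ignore the rest.
    return sender is None or sender.lower() == bare_jid(own_jid)


def apply_roster_pushes(stanzas, own_jid):
    """Apply trusted pushes to an empty roster; return (roster, rejected stanzas)."""
    roster, rejected = {}, []
    for stanza in stanzas:
        if not is_trusted_roster_push(stanza, own_jid):
            rejected.append(stanza)  # keep for logging or alerting
            continue
        for item in ET.fromstring(stanza).iter(Q + "item"):
            if item.get("subscription") == "remove":
                roster.pop(item.get("jid"), None)
            else:
                roster[item.get("jid")] = item.get("subscription", "none")
    return roster, rejected


# Constructed sample stanzas (not captured traffic); all JIDs are placeholders.
OWN_JID = "juliet@example.com/balcony"
PUSH = ("<iq xmlns='jabber:client' {frm}id='p{n}' type='set'><query xmlns='jabber:iq:roster'>"
        "<item jid='{jid}' subscription='{sub}'/></query></iq>")
SAMPLES = [
    PUSH.format(frm="", n=1, jid="nurse@example.com", sub="both"),
    PUSH.format(frm="from='juliet@example.com' ", n=2, jid="romeo@example.net", sub="to"),
    PUSH.format(frm="from='mallory@example.net/x' ", n=3, jid="mallory@example.net", sub="both"),
]

if __name__ == "__main__":
    roster, rejected = apply_roster_pushes(SAMPLES, OWN_JID)
    print(roster, len(rejected))
```

Rejected stanzas are returned instead of being silently dropped, so a client or a monitoring hook can log a roster push that arrives from a foreign JID.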