Upstream information
Description
The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 6.8 |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
- openSUSE-SU-2013:1013-1, published Fri, 14 Jun 2013 17:07:43 +0200 (CEST)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP5 |
| |
| SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 |
| |
| openSUSE 12.3 |
| Patchnames: openSUSE-2013-492 |
| openSUSE Leap 42.1 |
| Patchnames: openSUSE Leap 42.1 GA telepathy-gabble |
| openSUSE Leap 42.2 |
| Patchnames: openSUSE Leap 42.2 GA telepathy-gabble |
| openSUSE Leap 42.3 |
| Patchnames: openSUSE Leap 42.3 GA telepathy-gabble |
| openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA telepathy-gabble |
