Upstream information

CVE-2007-6746 at MITRE

Description

telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 5.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: None

SUSE Bugzilla entry: 817120 [RESOLVED / FIXED]

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP2
  • telepathy-idle >= 0.1.5-1.5.1
Patchnames:
sledsp2-telepathy-idle
SUSE Linux Enterprise Desktop 11 SP3
  • telepathy-idle >= 0.1.5-1.5.1
Patchnames:
sledsp3-telepathy-idle
SUSE Linux Enterprise Desktop 12
  • telepathy-idle >= 0.2.0-1.62
Patchnames:
SUSE Linux Enterprise Desktop 12 GA telepathy-idle
SUSE Linux Enterprise Desktop 12 SP1
  • telepathy-idle >= 0.2.0-1.62
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA telepathy-idle
SUSE Linux Enterprise Desktop 12 SP2
  • telepathy-idle >= 0.2.0-1.62
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA telepathy-idle
SUSE Linux Enterprise Desktop 12 SP3
  • telepathy-idle >= 0.2.0-1.62
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA telepathy-idle
SUSE Linux Enterprise Workstation Extension 12
  • telepathy-idle >= 0.2.0-1.62
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 GA telepathy-idle
SUSE Linux Enterprise Workstation Extension 12 SP1
  • telepathy-idle >= 0.2.0-1.62
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP1 GA telepathy-idle
SUSE Linux Enterprise Workstation Extension 12 SP2
  • telepathy-idle >= 0.2.0-1.62
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP2 GA telepathy-idle
SUSE Linux Enterprise Workstation Extension 12 SP3
  • telepathy-idle >= 0.2.0-1.62
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP3 GA telepathy-idle
SUSE Linux Enterprise Desktop 11 SP3
  • telepathy-idle >= 0.1.5-1.5.1
Builds
SAT Patch Nr: 8216
SUSE Linux Enterprise Desktop 11 SP2
  • telepathy-idle >= 0.1.5-1.5.1
Builds
SAT Patch Nr: 8215
openSUSE 12.3
  • telepathy-idle >= 0.1.14-2.4.1
  • telepathy-idle-debuginfo >= 0.1.14-2.4.1
  • telepathy-idle-debugsource >= 0.1.14-2.4.1
Patchnames:
openSUSE-2013-427
openSUSE Leap 42.1
  • telepathy-idle >= 0.2.0-3.2
Patchnames:
openSUSE Leap 42.1 GA telepathy-idle
openSUSE Leap 42.2
  • telepathy-idle >= 0.2.0-4.5
Patchnames:
openSUSE Leap 42.2 GA telepathy-idle
openSUSE Leap 42.3
  • telepathy-idle >= 0.2.0-6.1
Patchnames:
openSUSE Leap 42.3 GA telepathy-idle
openSUSE Tumbleweed
  • telepathy-idle >= 0.2.0-3.8
Patchnames:
openSUSE Tumbleweed GA telepathy-idle


Status of this issue by product and package

Product(s) Source package State
SUSE Linux Enterprise Desktop 11 SP2 telepathy-idle Released
SUSE Linux Enterprise Desktop 11 SP3 telepathy-idle Released