Ubuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
Maksim Otstavnov discovered that telepathy-gabble incorrectly handled
TLS when connecting to legacy jabber servers. If a remote attacker
were able to perform a man-in-the-middle attack, this flaw could be
exploited to view sensitive information. (CVE-2013-1431)
It was discovered that telepathy-gabble incorrectly handled certain
messages. A remote attacker could use this flaw to cause applications
using telepathy-gabble to crash, resulting in a denial of service.
This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10.
Update the affected telepathy-gabble package.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true