Detections
Analytics

Debian DSA-3492-2 : gajim - security update

high Nessus Plugin ID 88975

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

The wheezy part of the previous gajim update, DSA-3492-1, was incorrectly built resulting in an unsatisfiable dependency. This update corrects that problem. For reference, the original advisory text follows.

Daniel Gultsch discovered a vulnerability in Gajim, an XMPP/jabber client. Gajim didn't verify the origin of roster update, allowing an attacker to spoof them and potentially allowing her to intercept messages.

Solution

Upgrade the gajim packages.

For the oldstable distribution (wheezy), this problem has been fixed in version 0.15.1-4.1+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 0.16-1+deb8u1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816158

https://packages.debian.org/source/wheezy/gajim

https://packages.debian.org/source/jessie/gajim

https://www.debian.org/security/2016/dsa-3492

Plugin Details

Severity: High

ID: 88975

File Name: debian_DSA-3492.nasl

Version: 2.5

Type: local

Agent: unix

Published: 2/26/2016

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:gajim, cpe:/o:debian:debian_linux:7.0, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 2/28/2016

Reference Information

DSA: 3492