FreeBSD : shotwell -- not verifying certificates (448047e9-030e-4ce4-910b-f21a3ad5d9a0)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Michael Catanzaro reports :

Shotwell has a serious security issue ('Shotwell does not verify TLS
certificates'). Upstream is no longer active and I do not expect any
further upstream releases unless someone from the community steps up
to maintain it.

What is the impact of the issue? If you ever used any of the publish
functionality (publish to Facebook, publish to Flickr, etc.), your
passwords may have been stolen; changing them is not a bad idea.

What is the risk of the update? Regressions. The easiest way to
validate TLS certificates was to upgrade WebKit; it seems to work but
I don't have accounts with the online services it supports, so I don't
know if photo publishing still works properly on all the services.

See also :

http://www.nessus.org/u?a4a937fd
http://www.nessus.org/u?056ae138

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 88603

Bugtraq ID:

CVE ID:
