Fedora 24 : bitlbee (2017-6694f5cd3a)

high Nessus Plugin ID 97170

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

BitlBee 3.5.1 (30 Jan 2017) ===========================

- purple: Fix crash on file transfer requests from unknown contacts. This was the result of an incomplete fix in the previous release and may result in remote DoS. Read the full security advisory at:
https://bugs.bitlbee.org/ticket/1282

- After some investigation we decided to reclassify a crash fix from the previous release as a security issue.
Read the full security advisory at:
https://bugs.bitlbee.org/ticket/1281

- Included help.txt in the release tarball, which was missing in the previous release and resulted in adding python as a build dependency. The release tarball of 3.5.1 does not require python.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected bitlbee package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2017-6694f5cd3a

Plugin Details

Severity: High

ID: 97170

File Name: fedora_2017-6694f5cd3a.nasl

Version: 3.4

Type: local

Agent: unix

Published: 2/15/2017

Updated: 1/6/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:bitlbee, cpe:/o:fedoraproject:fedora:24

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2/9/2017

Vulnerability Publication Date: 2/9/2017

Reference Information