Fedora 18 : telepathy-gabble-0.16.6-1.fc18 (2013-9794)

Medium Nessus Plugin ID 67382


The remote Fedora host is missing a security update.


This release fixes a man-in-the-middle attack.

If you use an unencrypted connection to a 'legacy Jabber' (pre-XMPP) server, this version of Gabble will not connect until you make one of these configuration changes :

- upgrade the server software to something that supports XMPP 1.0; or

- use an encrypted 'old SSL' connection, typically on port 5223 (old-ssl); or

- turn off 'Encryption required (TLS/SSL)' (require-encryption)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected telepathy-gabble package.

See Also



Plugin Details

Severity: Medium

ID: 67382

File Name: fedora_2013-9794.nasl

Version: $Revision: 1.5 $

Type: local

Agent: unix

Published: 2013/07/12

Modified: 2015/10/19

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:telepathy-gabble, cpe:/o:fedoraproject:fedora:18

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/06/01

Reference Information

CVE: CVE-2013-1431

BID: 60237

FEDORA: 2013-9794