You are here
Home > Preporuke > Ranjivost programskog paketa smack

Ranjivost programskog paketa smack

  • Detalji os-a: FED
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2014-16312
2014-12-05 00:23:46
——————————————————————————–

Name : smack
Product : Fedora 21
Version : 3.2.2
Release : 8.fc21
URL : http://www.igniterealtime.org/projects/smack/index.jsp
Summary : Open Source XMPP (Jabber) client library
Description :
Smack is an Open Source XMPP (Jabber) client library for instant
messaging and presence. A pure Java library, it can be embedded
into your applications to create anything from a full XMPP client
to simple XMPP integrations such as sending notification messages and
presence-enabling devices.

——————————————————————————–
Update Information:

fix for CVE-2014-0363 (rhbz#1093274)
——————————————————————————–
ChangeLog:

* Thu Dec 4 2014 gil cattaneo <puntogil@libero.it> 3.2.2-8
– fix for CVE-2014-0363 (rhbz#1093274)
– remove jzlib systemPath in smackx pom
——————————————————————————–
References:

[ 1 ] Bug #1093273 – CVE-2014-0363 smack: incorrect X.509 certificate validation
https://bugzilla.redhat.com/show_bug.cgi?id=1093273
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update smack’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-16383
2014-12-06 01:55:29
——————————————————————————–

Name : smack
Product : Fedora 20
Version : 3.2.2
Release : 6.fc20
URL : http://www.igniterealtime.org/projects/smack/index.jsp
Summary : Open Source XMPP (Jabber) client library
Description :
Smack is an Open Source XMPP (Jabber) client library for instant
messaging and presence. A pure Java library, it can be embedded
into your applications to create anything from a full XMPP client
to simple XMPP integrations such as sending notification messages and
presence-enabling devices.

——————————————————————————–
Update Information:

fix for CVE-2014-0363 (rhbz#1093274)
——————————————————————————–
ChangeLog:

* Thu Dec 4 2014 gil cattaneo <puntogil@libero.it> 3.2.2-6
– fix for CVE-2014-0363 (rhbz#1093274)
– remove jzlib systemPath in smackx pom
* Thu Aug 21 2014 gil cattaneo <puntogil@libero.it> 3.2.2-5
– fix for CVE-2014-5075 (rhbz#1127277)
——————————————————————————–
References:

[ 1 ] Bug #1093273 – CVE-2014-0363 smack: incorrect X.509 certificate validation
https://bugzilla.redhat.com/show_bug.cgi?id=1093273
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update smack’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

AutorTomislav Protega
Cert idNCERT-REF-2014-12-0010-ADV
CveCVE-2014-0363 CVE-2014-5075
ID izvornikaFEDORA-2014-16312 FEDORA-2014-16383
Proizvodsmack
Izvorhttp://www.redhat.com
Top
More in Preporuke
Ranjivost programske biblioteke libyaml

Otkrivena je ranjivost u datoteci scanner.c u biblioteci libyaml korištene u perl modulu YAML-LibYAML, a sadržajno-ovisnim napadačima omogućuje izazivanje gubitka...

Close