Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- Debian Security Advisory 5379-1[6]
- Authored by Debian[7] | Site debian.org[8]
-
Debian Linux Security Advisory 5379-1 - Kim Alvefur discovered that insufficient message sender validation in dino-im, a modern XMPP/Jabber client, may result in manipulation of entries in the personal bookmark store without user interaction via a specially crafted message. Additionally an attacker can take advantage of this flaw to change how group chats are displayed or force a user to join or leave an attacker-selected groupchat.
- systems | linux[9], debian[10]
- advisories | CVE-2023-28686[11]
- SHA-256 |
e7e91174b6b74ca65394c6ad4132a0a2f37244154e102da74fd77c04ecc1be22
- Download[12] | Favorite[13] | View[14]
Change Mirror[15] Download[16]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5379-1Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
https://www.debian.org/security/ Salvatore Bonaccorso
March 27, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : dino-im
CVE ID : CVE-2023-28686
Debian Bug : 1033370
Kim Alvefur discovered that insufficient message sender validation in
dino-im, a modern XMPP/Jabber client, may result in manipulation of
entries in the personal bookmark store without user interaction via a
specially crafted message. Additionally an attacker can take advantage
of this flaw to change how group chats are displayed or force a user to
join or leave an attacker-selected groupchat.
For the stable distribution (bullseye), this problem has been fixed in
version 0.2.0-3+deb11u1.
We recommend that you upgrade your dino-im packages.
For the detailed security status of dino-im please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/dino-im
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list:Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser.
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmQh9+5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RbDw//Z/7169K4r3YYBJIYG6AoQIhkxoTOYoXn9HFy4a9itr7WJGG4tbEXeL85
44J+We3WWc4PdoxTPkh3Sb2lX38Fn/6yD5n1Ciszq5zj0k2nMXhylA5Hi46yR0YW
wLmIZTcUxNLKum+PqfrCVAzYPmELz1KZ17moO0xkOQXm82mOedGQbsa2Sh1Soh8F
VCR/uR8b68bMLopbmEAISgG0aRVWqJFBI700jO67t9dxww50fAVir1m+IIXc0N3r
4JSQtm7twwI5JqZgMsW4zUMw2SN31UshuUMKZWt+PF1wXeMWZXrjLtLIlVLWxaDR
cLx2azTyazloROjL8X9D0FbLQQhJ3IwiTyzxexLZ9tcWSOslA52bc3NFyyy9IvUo
wXV4B6ImmVOsuQ47VQzLJ0qOyzYSwfyvx96U5RSOsci73YVbnh2cENQWx6gGfDk6
j61ttQeEmAN+qsjocXBpokrq8BOJzTEE/5uzBQO9tykL5O5CtmpV63GjBHyE7kXb
qdFZEs+uJDqB4LiVMWoWKXEXYZlEfNigLABH/YriXn2xwRMbCMr8PnCSNpJFcYGj
gIUHQcbCwe78ulU3hM1hvtH3rlsw6zV/JpFRYAIhl0A4kzYszEpWH5ZZTF1lW+g9
N0pt8ZnwG9HF3rIVij/7ywCQDaqlzkoJUTmrDKcEGcXmvZ8H05E=
=jDD6
-----END PGP SIGNATURE-----
File Tags
- ActiveX[22] (932)
- Advisory[23] (80,599)
- Arbitrary[24] (15,917)
- BBS[25] (2,859)
- Bypass[26] (1,653)
- CGI[27] (1,022)
- Code Execution[28] (7,047)
- Conference[29] (677)
- Cracker[30] (840)
- CSRF[31] (3,306)
- DoS[32] (22,932)
- Encryption[33] (2,359)
- Exploit[34] (50,720)
- File Inclusion[35] (4,180)
- File Upload[36] (951)
- Firewall[37] (821)
- Info Disclosure[38] (2,689)
- Intrusion Detection[39] (876)
- Java[40] (2,957)
- JavaScript[41] (830)
- Kernel[42] (6,449)
- Local[43] (14,297)
- Magazine[44] (586)
- Overflow[45] (12,543)
- Perl[46] (1,419)
- PHP[47] (5,111)
- Proof of Concept[48] (2,297)
- Protocol[49] (3,502)
- Python[50] (1,488)
- Remote[51] (30,282)
- Root[52] (3,534)
- Rootkit[53] (502)
- Ruby[54] (603)
- Scanner[55] (1,633)
- Security Tool[56] (7,824)
- Shell[57] (3,133)
- Shellcode[58] (1,206)
- Sniffer[59] (890)
- Spoof[60] (2,182)
- SQL Injection[61] (16,171)
- TCP[62] (2,384)
- Trojan[63] (687)
- UDP[64] (880)
- Virus[65] (663)
- Vulnerability[66] (31,381)
- Web[67] (9,467)
- Whitepaper[68] (3,740)
- x86[69] (946)
- XSS[70] (17,581)
- Other[71]
File Archives
- March 2023[72]
- February 2023[73]
- January 2023[74]
- December 2022[75]
- November 2022[76]
- October 2022[77]
- September 2022[78]
- August 2022[79]
- July 2022[80]
- June 2022[81]
- May 2022[82]
- April 2022[83]
- Older[84]
Systems
- AIX[85] (426)
- Apple[86] (1,960)
- BSD[87] (370)
- CentOS[88] (56)
- Cisco[89] (1,919)
- Debian[90] (6,714)
- Fedora[91] (1,691)
- FreeBSD[92] (1,242)
- Gentoo[93] (4,288)
- HPUX[94] (878)
- iOS[95] (340)
- iPhone[96] (108)
- IRIX[97] (220)
- Juniper[98] (67)
- Linux[99] (45,130)
- Mac OS X[100] (684)
- Mandriva[101] (3,105)
- NetBSD[102] (256)
- OpenBSD[103] (482)
- RedHat[104] (12,923)
- Slackware[105] (941)
- Solaris[106] (1,609)
- SUSE[107] (1,444)
- Ubuntu[108] (8,448)
- UNIX[109] (9,208)
- UnixWare[110] (185)
- Windows[111] (6,532)
- Other[112]
- Services
- Security Services[123]
- Hosting By
- Rokasec[124]
Read more https://packetstormsecurity.com/files/171568/dsa-5379-1.txt