Security
Security
A vulnerability has been discovered in slixmpp which can result in successful man-in-the-middle attacks.
| Package | dev-python/slixmpp on all architectures |
|---|---|
| Affected versions | < 1.8.3 |
| Unaffected versions | >= 1.8.3 |
slixmpp is a Python 3 library for XMPP.
slixmpp does not validate hostnames in certificates used by connected servers.
An attacker could perform a man-in-the-middle attack on users' connections to servers with slixmpp.
There is no known workaround at this time.
All slixmpp users should upgrade to the latest version:
# emerge --sync # emerge --ask --upgrade --verbose ">=dev-python/slixmpp-1.8.3"
Release date
May 03, 2023
Latest revision
May 03, 2023: 1
Severity
low
Exploitable
remote
Bugzilla entries