Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-0240

Published: 5 February 2013

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

Notes

AuthorNote
mdeslaur 
3.2 in oneiric and 3.4 in precise only have web backends, so
the 3.4 patch will work. In 3.6+, more backends are available
that may have invalid certs, but are desirable. The 3.7 patch
adds a new configuration item, but this changes API.
jdstrand 
note that CVE-2013-1799 is a result of an incomplete fix for this
CVE (and pt2 of the patch for 3.6)

Priority

Medium

Status

Package Release Status
gnome-online-accounts
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Does not exist

oneiric
Released (3.2.1-0ubuntu1.1)
precise
Released (3.4.0-0ubuntu1.1)
quantal
Released (3.6.0-0ubuntu1.1)
upstream
Released (3.4.2-2,3.6.3)
Patches:
upstream: http://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
upstream: http://git.gnome.org/browse/gnome-online-accounts/commit/?id=d5d229529c498ab8b19c29080dd79930fd353d93
upstream: http://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-4&id=5a3d3862b0765385f38ca1ba2a9e2e74eb0d111d
upstream: https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
upstream: https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=de6ee1fa825297c6c89cddb767f4da8df6dbfca2
upstream: https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=232bffd1dae3e708f06d83fd802a2218e43ebc5d
upstream: https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=229a82872b4c5399c1d3793c46ba5d3e19e1a8ee
upstream: https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=55f1171b15d5c307894943a6b753dd8e59b1452d
upstream: https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=03aa82a3777885fe3a06db02621852f1f8c429d8
upstream: https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=012dbc6d6cac1ad1696dd11b96ee389f0efbb134
upstream: https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading