gnome-online-accounts-3.22.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10398 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gnome-online-accounts-3.22.2-1.1 on GA media These are all security issues fixed in the gnome-online-accounts-3.22.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10398 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10398 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2013-0240/ SUSE CVE CVE-2013-0240 page https://www.suse.com/security/cve/CVE-2013-1799/ SUSE CVE CVE-2013-1799 page openSUSE Tumbleweed gnome-online-accounts-3.22.2-1.1 gnome-online-accounts-devel-3.22.2-1.1 gnome-online-accounts-lang-3.22.2-1.1 libgoa-1_0-0-3.22.2-1.1 libgoa-1_0-0-32bit-3.22.2-1.1 libgoa-backend-1_0-1-3.22.2-1.1 libgoa-backend-1_0-1-32bit-3.22.2-1.1 typelib-1_0-Goa-1_0-3.22.2-1.1 gnome-online-accounts-3.22.2-1.1 as a component of openSUSE Tumbleweed gnome-online-accounts-devel-3.22.2-1.1 as a component of openSUSE Tumbleweed gnome-online-accounts-lang-3.22.2-1.1 as a component of openSUSE Tumbleweed libgoa-1_0-0-3.22.2-1.1 as a component of openSUSE Tumbleweed libgoa-1_0-0-32bit-3.22.2-1.1 as a component of openSUSE Tumbleweed libgoa-backend-1_0-1-3.22.2-1.1 as a component of openSUSE Tumbleweed libgoa-backend-1_0-1-32bit-3.22.2-1.1 as a component of openSUSE Tumbleweed typelib-1_0-Goa-1_0-3.22.2-1.1 as a component of openSUSE Tumbleweed Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. CVE-2013-0240 openSUSE Tumbleweed:gnome-online-accounts-3.22.2-1.1 openSUSE Tumbleweed:gnome-online-accounts-devel-3.22.2-1.1 openSUSE Tumbleweed:gnome-online-accounts-lang-3.22.2-1.1 openSUSE Tumbleweed:libgoa-1_0-0-3.22.2-1.1 openSUSE Tumbleweed:libgoa-1_0-0-32bit-3.22.2-1.1 openSUSE Tumbleweed:libgoa-backend-1_0-1-3.22.2-1.1 openSUSE Tumbleweed:libgoa-backend-1_0-1-32bit-3.22.2-1.1 openSUSE Tumbleweed:typelib-1_0-Goa-1_0-3.22.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0240.html CVE-2013-0240 https://bugzilla.suse.com/802409 SUSE Bug 802409 https://bugzilla.suse.com/808534 SUSE Bug 808534 Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240. CVE-2013-1799 openSUSE Tumbleweed:gnome-online-accounts-3.22.2-1.1 openSUSE Tumbleweed:gnome-online-accounts-devel-3.22.2-1.1 openSUSE Tumbleweed:gnome-online-accounts-lang-3.22.2-1.1 openSUSE Tumbleweed:libgoa-1_0-0-3.22.2-1.1 openSUSE Tumbleweed:libgoa-1_0-0-32bit-3.22.2-1.1 openSUSE Tumbleweed:libgoa-backend-1_0-1-3.22.2-1.1 openSUSE Tumbleweed:libgoa-backend-1_0-1-32bit-3.22.2-1.1 openSUSE Tumbleweed:typelib-1_0-Goa-1_0-3.22.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1799.html CVE-2013-1799 https://bugzilla.suse.com/808534 SUSE Bug 808534