ASA-202107-45: telegram-desktop: content spoofing

Arch Linux 754 Published by

A telegram-desktop security update has been released for Arch Linux.



ASA-202107-45: telegram-desktop: content spoofing


Arch Linux Security Advisory ASA-202107-45
=========================================
Severity: Low
Date : 2021-07-20
CVE-ID : CVE-2021-36769
Package : telegram-desktop
Type : content spoofing
Remote : Yes
Link :   https://security.archlinux.org/AVG-2170

Summary
======
The package telegram-desktop before version 2.8.11-1 is vulnerable to
content spoofing.

Resolution
=========
Upgrade to 2.8.11-1.

# pacman -Syu "telegram-desktop>=2.8.11-1"

The problem has been fixed upstream in version 2.8.11.

Workaround
=========
None.

Description
==========
A reordering issue exists in Telegram Desktop before 2.8.8. An attacker
can cause the server to receive messages in a different order than they
were sent by a client.

Impact
=====
A man-in-the-middle attacker could reorder the messages sent by a
client, potentially altering the meaning of the conversation.

References
=========
  https://mtpsym.github.io/
  https://security.archlinux.org/CVE-2021-36769


RHSA-2021:2730-01: Important: kernel security and bug fix update

GLSA 202107-48 : systemd: Multiple vulnerabilities

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...