INFSA-2022:1801: gfbgraph security update

Information about definition

Identificator: INFSA-2022:1801

Type: security

Release date: 2025-10-31 13:09:40 UTC

Information about package

GLib/GObject wrapper for the Facebook Graph API that integrates with GNOME Online Accounts.

Vulnerabilities description

  • CVE-2021-39358

    GNOME libgfbgraph is vulnerable to a man-in-the-middle attack, caused by not enabling TLS certificate verification on the SoupSessionSync objects it creates in gfbgraph-photo.c. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.

Severity level

CVE Score CVSS 2.0 Score CVSS 3.x Score CVSS 4.0
no information 7.5 no information
Critical, important, moderate, low

Updated packages

loader icon Preparing to download...
Architecture: Download