GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed May 26, 2021 1:26 pm Post subject: [ GLSA 202105-07 ] Telegram |
 |
|
Gentoo Linux Security Advisory
Title: Telegram: Security bypass (GLSA 202105-07)
Severity: low
Exploitable: remote
Date: 2021-05-26
Bug(s): #771684
ID: 202105-07
Synopsis
An insufficient session expiration has been reported in Telegram.
Background
Telegram is a cloud-based mobile and desktop messaging app with a focus
on security and speed.
Affected Packages
Package: net-im/telegram-desktop
Vulnerable: < 2.4.11
Unaffected: >= 2.4.11
Architectures: All supported architectures
Package: net-im/telegram-desktop-bin
Vulnerable: < 2.4.11
Unaffected: >= 2.4.11
Architectures: All supported architectures
Description
It was discovered that Telegram failed to invalidate a recently active
session.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Telegram users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/telegram-desktop-2.4.11"
|
All Telegram binary users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=net-im/telegram-desktop-bin-2.4.11"
|
References
CVE-2021-27351 |
|
News & Announcements
