
Fedora 22: 2016-e289f41b76 Critical: Prosody Path Traversal and PRNG Issues

fedora
January 21, 2016
Debian's latest security patch resolves severe vulnerabilities, such as privilege escalation and insufficient entropy concerns.

Summary

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols.

Update Information:

Prosody 0.9.9
=============

A summary of changes:

Security fixes
--------------

* Fix path traversal vulnerability in mod_http_files (CVE-2016-1231)
* Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232)

Bugs
----

* Improve handling of CNAME records in DNS
* Fix traceback when deleting a user in some configurations (issue #496)
* MUC: restrict_room_creation could prevent users from joining rooms (issue #458)
* MUC: fix occasional dropping of iq stanzas sent privately between occupants
* Fix a potential memory leak in mod_pep

Additions
---------

* Add http:list() command to telnet to view active HTTP services
* Simplify IPv4/v6 address selection code for outgoing s2s
* Add support for importing SCRAM hashes from ejabberd

Change Log

References


[ 1 ] Bug #1296984 - CVE-2016-1232 prosody: use of weak PRNG in generation of dialback secrets
      https://bugzilla.redhat.com/show_bug.cgi?id=1296984
[ 2 ] Bug #1296983 - CVE-2016-1231 prosody: path traversal vulnerability in mod_http_files
      https://bugzilla.redhat.com/show_bug.cgi?id=1296983

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update prosody' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: prosody
Product: Fedora 22
Version: 0.9.9
Release: 2.fc22
Summary: Flexible communications server for Jabber/XMPP
