Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 620
Alerts This Week
Warning Icon 1 620

Fedora 22 Prosody Update: 2016-02-03 Moderate Impersonation Fix

fedora
Calendar Grey February 3, 2016
Dist Fedora Esm H88
The Prosody 0.9.10 security patch for Fedora 22 strengthens defenses against identity spoofing and optimizes network management.
Prosody 0.9.10 -------- * mod_dialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks (CVE-2016-0756) Fixes and improvements --------------------...

Summary

Prosody is a flexible communications server for Jabber/XMPP written in Lua.

It aims to be easy to use, and light on resources. For developers it aims

to be easy to extend and give a flexible system on which to rapidly develop

added functionality, or prototype new protocols.

Update Information:

Prosody 0.9.10 ============== A summary of changes in this release: Security -------- * mod_dialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks (CVE-2016-0756) Fixes and improvements ---------------------- * Startup: Open /dev/urandom read-only, to fix a failure to start on some systems (fixes #585) * Networking: Improve handling of the 'select' network backend running out of file descriptors Minor changes ------------- * Networking: Increase default internal read size to prevent connections stalling with LuaEvent (see #583) * DNS: Discard queries that failed to send due to connection errors (fixes #598) * c2s, s2s: Lower priority of shutdown handler, so that modules such as MUC can always send shutdown notifications to (remote) users (fixes #601)

Change Log

References


[ 1 ] Bug #1302463 - CVE-2016-0756 prosody: mod_dialback allows impersonation attacks https://bugzilla.redhat.com/show_bug.cgi?id=1302463

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update prosody' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: prosody
Product: Fedora 22
Version: 0.9.10
Release: 1.fc22
Summary: Flexible communications server for Jabber/XMPP

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.