
Fedora 23: 2016-38e48069f8 Moderate: Prosody Path Traversal and PRNG Issues

fedora
January 20, 2016
Version 0.9.9 of Prosody for Fedora fixes a path traversal vulnerability in mod_http_files (CVE-2016-1231) and the use of a weak PRNG in the generation of dialback secrets (CVE-2016-1232).

Summary

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols.

Update Information:

Prosody 0.9.9
=============

A summary of changes:

Security fixes
--------------

* Fix path traversal vulnerability in mod_http_files (CVE-2016-1231)
* Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232)

Bugs
----

* Improve handling of CNAME records in DNS
* Fix traceback when deleting a user in some configurations (issue #496)
* MUC: restrict_room_creation could prevent users from joining rooms (issue #458)
* MUC: fix occasional dropping of iq stanzas sent privately between occupants
* Fix a potential memory leak in mod_pep

Additions
---------

* Add http:list() command to telnet to view active HTTP services
* Simplify IPv4/v6 address selection code for outgoing s2s
* Add support for importing SCRAM hashes from ejabberd

References


[ 1 ] Bug #1296984 - CVE-2016-1232 prosody: use of weak PRNG in generation of dialback secrets
      https://bugzilla.redhat.com/show_bug.cgi?id=1296984
[ 2 ] Bug #1296983 - CVE-2016-1231 prosody: path traversal vulnerability in mod_http_files
      https://bugzilla.redhat.com/show_bug.cgi?id=1296983

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update prosody' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: prosody
Product: Fedora 23
Version: 0.9.9
Release: 2.fc23
Summary: Flexible communications server for Jabber/XMPP
