
Fedora 43 Prosody 13.0.5 Critical Security Advisory 2026-36c53b9ca8

fedora
May 10, 2026
Critical security advisory for Prosody 13.0.5 on Fedora 43, covering multiple vulnerabilities and upgrade options.

Summary

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols.

Update Information:

Prosody 13.0.5

Upstream is pleased to announce a new minor release from their stable branch. This is a security release for the Prosody 13.0.x stable series. It fixes multiple security issues, some memory leaks and some smaller bugs and changes which have been implemented since the previous release.

Full details about the security vulnerabilities can be found in upstream's security advisory. Upstream encourages all Prosody operators on 13.0.4 or earlier to upgrade to 13.0.5 as soon as possible, or to review the advisory and implement appropriate mitigations.

A summary of changes in this release:

Security

* mod_proxy65: Consistently apply authorization checks
* mod_proxy65: Don’t proxy data until after bytestream activation
* mod_c2s, mod_s2s: Introduce new pre-authentication stanza size limit
* Add limit for stanza max child elements
* mod_c2s: Remove timers immediately on disconnection
* net.server_epoll: Clean up timers after disconnection

Fixes and improvements

* net.http.parser: Fix hand...

Change Log

* Thu Apr 30 2026 Robert Scheck 13.0.5-1
- Upgrade to 13.0.5 (#2463898)

* Thu Apr 16 2026 Tom Callaway - 13.0.4-3
- rebuild

* Sun Mar 15 2026 Tom Callaway - 13.0.4-2
- rebuild for lua 5.5
- apply upstream fix for configure
- make a new patch to actually support lua 5.5

References


[ 1 ] Bug #2464363 - CVE-2026-43507 Prosody: Prosody: Denial of Service via XML parsing resource amplification
      https://bugzilla.redhat.com/show_bug.cgi?id=2464363
[ 2 ] Bug #2464412 - CVE-2026-43504 Prosody: mod_proxy65: Prosody: Unauthenticated traffic relay due to access control mishandling in mod_proxy65
      https://bugzilla.redhat.com/show_bug.cgi?id=2464412
[ 3 ] Bug #2464452 - CVE-2026-43505 Prosody: mod_proxy65: Prosody: Unauthorized traffic relay via mod_proxy65 access control flaw
      https://bugzilla.redhat.com/show_bug.cgi?id=2464452
[ 4 ] Bug #2464492 - CVE-2026-43506 Prosody: Prosody: Denial of Service via memory exhaustion from unauthenticated connections
      https://bugzilla.redhat.com/show_bug.cgi?id=2464492

Update Instructions

This update can be installed with the "dnf" update program. Use

    su -c 'dnf upgrade --advisory FEDORA-2026-36c53b9ca8'

at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: prosody
Product: Fedora 43
Version: 13.0.5
Release: 1.fc43
Summary: Flexible communications server for Jabber/XMPP
