security advisorydenial of serviceupdate
A bug in the handling of SSL connections could cause the server process to crash, resulting in a denial of service.. - -------------------------------------------------------------------------- Debian Security Advisory DSA 414-1 This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Matt Zimmerman January 6th, 2004 Debian -- Debian security FAQ - -------------------------------------------------------------------------- Package : jabber Vulnerability : denial of service Problem-Type : remote Debian-specific: no CVE Ids : CAN-2004-0013 A vulnerability was discovered in jabber, an instant messaging server, whereby a bug in the handling of SSL connections could cause the server process to crash, resulting in a denial of service. For the current stable distribution (woody) this problem has been fixed in version 1.4.2a-1.1woody1. For the unstable distribution (sid) this problem has been fixed in version 1.4.3-1. We recommend that you update your jabber package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 580 efa342add13e86c05cb394604aab89d0 Size/MD5 checksum: 61467 d8b19d51fc83095db7132e1c5abc651c Size/MD5 checksum: 690217 10780dbdb93926ea5bb360e1186b939c Alpha architecture: Size/MD5 checksum: 241262 e1dfb66863a3392f0e078503fc070ba3 ARM architecture: Size/MD5 checksum: 207750 4f6554511245c45dea401b767e60f8b8 IntelIA-32 architecture: Size/MD5 checksum: 196148 522769b98c8daafcbc98248c41bce10c Intel IA-64 architecture: Size/MD5 checksum: 356460 e30221687c1df3ce1e04d56f07e18073 HP Precision architecture: Size/MD5 checksum: 226222 e62ee0c273d73f325339a954058a6836 Motorola 680x0 architecture: Size/MD5 checksum: 200616 7dcda4e913787e0511eb4dc148ce61ea Big endian MIPS architecture: Size/MD5 checksum: 203188 7124007a61770fc8146eaa7969757dd2 Little endian MIPS architecture: Size/MD5 checksum: 202356 31d39182928dca472a77a516fab60698 PowerPC architecture: Size/MD5 checksum: 205032 6a4ea17882063074292b7682abeb032a IBM S/390 architecture: Size/MD5 checksum: 210494 d631c49818c85f5b6b003c115b36b7cf Sun Sparc architecture: Size/MD5 checksum: 224836 90d74ff4bc33673515d47e8ede21f6fa These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb Debian -- Security Information stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Strengthen your Debian system by upgrading the jabber package to fix a serious SSL vulnerability. Follow these detailed, stepwise instructions for effective mitigation. Debian Security Advisory, Jabber Denial of Service, SSL Connection Bug. . Severity: Critical. LinuxSecurity.com Team
Jan 07, 2004
•Critical
Debian
Refine advisories
