You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa prosody

Sigurnosni nedostatak programskog paketa prosody

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2016-02-03 17:24:42.904410

Name : prosody
Product : Fedora 22
Version : 0.9.10
Release : 1.fc22
Summary : Flexible communications server for Jabber/XMPP
Description :
Prosody is a flexible communications server for Jabber/XMPP written in Lua.
It aims to be easy to use, and light on resources. For developers it aims
to be easy to extend and give a flexible system on which to rapidly develop
added functionality, or prototype new protocols.

Update Information:

Prosody 0.9.10 ============== A summary of changes in this release: Security
——– * mod_dialback: Adopt key generation algorithm from XEP-0185, to
prevent impersonation attacks (CVE-2016-0756) Fixes and improvements
———————- * Startup: Open /dev/urandom read-only, to fix a
failure to start on some systems (fixes #585) * Networking: Improve handling of
the ‘select’ network backend running out of file descriptors Minor changes
————- * Networking: Increase default internal read size to prevent
connections stalling with LuaEvent (see #583) * DNS: Discard queries that
failed to send due to connection errors (fixes #598) * c2s, s2s: Lower priority
of shutdown handler, so that modules such as MUC can always send shutdown
notifications to (remote) users (fixes #601)

[ 1 ] Bug #1302463 – CVE-2016-0756 prosody: mod_dialback allows impersonation attacks

This update can be installed with the “yum” update program. Use
su -c ‘yum update prosody’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorMarko Stanec
Cert idNCERT-REF-2016-02-0008-ADV
More in Preporuke
Sigurnosni nedostaci programskog paketa qemu

Otkriveni su sigurnosni nedostaci u programskom paketu qemu za Fedoru 22. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanja usluge...