
Security vulnerability in the prosody software package

  • OS details: FED
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2016-02-05 17:31:31.573263

Name : prosody
Product : Fedora 23
Version : 0.9.10
Release : 1.fc23
Summary : Flexible communications server for Jabber/XMPP
Description :
Prosody is a flexible communications server for Jabber/XMPP written in Lua.
It aims to be easy to use, and light on resources. For developers it aims
to be easy to extend and give a flexible system on which to rapidly develop
added functionality, or prototype new protocols.

Update Information:

Prosody 0.9.10
==============

A summary of changes in this release:

Security
--------

* mod_dialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks (CVE-2016-0756)

Fixes and improvements
----------------------

* Startup: Open /dev/urandom read-only, to fix a failure to start on some systems (fixes #585)
* Networking: Improve handling of the ‘select’ network backend running out of file descriptors

Minor changes
-------------

* Networking: Increase default internal read size to prevent connections stalling with LuaEvent (see #583)
* DNS: Discard queries that failed to send due to connection errors (fixes #598)
* c2s, s2s: Lower priority of shutdown handler, so that modules such as MUC can always send shutdown notifications to (remote) users (fixes #601)

[ 1 ] Bug #1302463 – CVE-2016-0756 prosody: mod_dialback allows impersonation attacks

This update can be installed with the “yum” update program. Use
su -c 'yum update prosody' at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

Author: Tomislav Protega
CERT ID: NCERT-REF-2016-02-0014-ADV
Source ID: FEDORA-2016