logo
DATABASE RESOURCES PRICING ABOUT US

Debian Security Advisory DSA 2895-1 (prosody - security update)

Description

A denial-of-service vulnerability has been reported in Prosody, a XMPP server. If compression is enabled, an attacker might send highly-compressed XML elements (attack known as zip bomb) over XMPP streams and consume all the resources of the server. The SAX XML parser lua-expat is also affected by this issues.


Related