Security update for prosody (important)

openSUSE Security Update: Security update for prosody Announcement ID: openSUSE-SU-2021:0751-1 Rating: important References: 1186027 Cross-References: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes four...

Information Disclosure

prosody is vulnerable to information disclosure. The vulnerability exists as it does not use a constant-time algorithm for comparing secret strings when running under Lua 5.2 or later, allowing timing attacks to reveal the contents of secret strings...

Denial Of Service (DoS)

prosody is vulnerable to denial of service. A remote unauthenticated attacker is able to crash the application via memory exhaustion when running under Lua 5.2 or Lua 5.3 on default settings...

CVE-2021-32921

An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker...

CVE-2021-32918

An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service DoS attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3...

CVE-2021-32921

An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker...

DEBIAN-CVE-2021-32918

An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service DoS attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3...

CVE-2021-32918

An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service DoS attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3...

Design/Logic Flaw

An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service DoS attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3...

CVE-2021-32921

An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker...

Code injection

An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker...

UBUNTU-CVE-2021-32921

An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker...

UBUNTU-CVE-2021-32918

An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service DoS attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3...

CVE-2021-32921

CVE-2021-32921 affects Prosody before 0.11.9. When running under Lua 5.2 or later, it does not use a constant-time algorithm for comparing certain secret strings, which can enable a timing attack to reveal secret data. Public advisories and Debian/Arch/Gentoo listings corroborate this as part of ...

CVE-2021-32921

An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker...

CVE-2021-32921

An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker...

CVE-2021-32918

CVE-2021-32918 affects Prosody prior to 0.11.9. A default-configuration condition allows remote unauthenticated DoS via memory exhaustion when running under Lua 5.2 or Lua 5.3. The vulnerability arises from the way the server handles requests under those Lua versions, with the impact described as...

CVE-2021-32918

An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service DoS attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3...

CVE-2021-32918

An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service DoS attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3...

[SECURITY] Fedora 33 Update: redis-6.0.13-1.fc33

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...