9 matches found
Fedora 23 : prosody-0.9.10-1.fc23 (2016-5a5c85c5a8)
Prosody 0.9.10 ============== A summary of changes in this release: Security -------- mod_dialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks CVE-2016-0756 Fixes and improvements ---------------------- Startup: Open /dev/urandom read-only, to fix a failure to...
Debian DSA-3463-1 : prosody - security update
It was discovered that insecure handling of dialback keys may allow a malicious XMPP server to impersonate another server. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3463. The text...
[SECURITY] [DSA 3463-1] prosody security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3463-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 31, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 407-1] prosody security update
Package : prosody Version : 0.7.0-1squeeze1+deb6u2 CVE ID : CVE-2016-0756 The flaw allows a malicious server to impersonate the vulnerable domain to any XMPP domain whose domain name includes the attacker's domain as a suffix. For example, bber.example would be able to connect to jabber.example an...
CVE-2016-0756
The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix...
CVE-2016-0756
The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix...
CVE-2016-0756
The CVE-2016-0756 issue affects Prosody’s mod_dialback, where the generate_dialback function in versions prior to 0.9.10 failed to properly distinguish fields when generating a dialback key. This allows a remote attacker to spoof an XMPP network domain by crafting a stream ID and embedding the do...
CVE-2016-0756
The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix...
prosody -- user impersonation vulnerability
The Prosody team reports: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks CVE-2016-0756...