19 matches found
Fedora 23 : prosody-0.9.9-2.fc23 (2016-38e48069f8)
Prosody 0.9.9. A summary of changes. Security fixes: Fix path traversal vulnerability in mod_http_files (CVE-2016-1231); Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232). Bugs: Improve handling of CNAME records in DNS; Fix traceback when deleting a user...
Fedora 22 : prosody-0.9.9-2.fc22 (2016-e289f41b76)
Prosody 0.9.9. A summary of changes. Security fixes: Fix path traversal vulnerability in mod_http_files (CVE-2016-1231); Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232). Bugs: Improve handling of CNAME records in DNS; Fix traceback when deleting a user...
[SECURITY] [DLA 407-1] prosody security update
Package: prosody. Version: 0.7.0-1squeeze1+deb6u2. CVE ID: CVE-2016-0756. The flaw allows a malicious server to impersonate the vulnerable domain to any XMPP domain whose domain name includes the attacker's domain as a suffix. For example, bber.example would be able to connect to jabber.example an...
DLA-407-1 prosody - security update
Bulletin has no description...
prosody: Security update (2 CVEs)
The prosody package has been rebuilt and was uploaded to the Chaos Calmer 15.05 repository due to multiple security issues. VERSION 0.9.8-1 = 0.9.9-1 CHANGELOG Mon, 25 Jan 2016 13:31:29 +0100 bb23089 fixes: path traversal vulnerability in mod_http_files CVE-2016-1231 use of weak PRNG in generation ...
prosody: Security update (2 CVEs)
The prosody package has been rebuilt and was uploaded to the Chaos Calmer 15.05 repository due to multiple security issues. VERSION 0.9.8-1 = 0.9.9-1 CHANGELOG Mon, 25 Jan 2016 13:31:29 +0100 bb23089 fixes: path traversal vulnerability in mod_http_files CVE-2016-1231 use of weak PRNG in generation ...
Fedora Update for prosody FEDORA-2016-38
The remote host is missing an update for the...
[SECURITY] [DLA 391-1] prosody security update
Package: prosody. Version: 0.7.0-1squeeze1+deb6u1. CVE ID: CVE-2016-1232. It was discovered that prosody, a lightweight Jabber/XMPP server, used a weak PRNG in the mod_dialback module. For Debian 6 Squeeze, this issue has been fixed in prosody version 0.7.0-1squeeze1+deb6u1...
FreeBSD : prosody -- multiple vulnerabilities (842cd117-ba54-11e5-9728-002590263bf5)
The Prosody Team reports: Fix path traversal vulnerability in mod_http_files (CVE-2016-1231). Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232)...
CVE-2016-1232
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...
CVE-2016-1232
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...
DEBIAN-CVE-2016-1232
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...
CVE-2016-1232
The CVE-2016-1232 issue affects Prosody’s mod_dialback in versions before 0.9.9, where dialback secret tokens were generated with a weak PRNG. This vulnerability can enable spoofing of server-to-server connections via brute force. The Fedora/Debian advisories reference a fix in Prosody 0.9.9 (and...
CVE-2016-1232
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...
Debian DSA-3439-1 : prosody - security update
Two vulnerabilities were discovered in Prosody, a lightweight Jabber/XMPP server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-1231: Kim Alvefur discovered a flaw in Prosody's HTTP file-serving module that allows it to serve requests outside of the...
[SECURITY] [DSA 3439-1] prosody security update
Debian Security Advisory DSA-3439-1. https://www.debian.org/security/ Salvatore Bonaccorso, January 10, 2016. https://www.debian.org/security/faq ...
[SECURITY] [DSA 3439-1] prosody security update
Debian Security Advisory DSA-3439-1. https://www.debian.org/security/ Salvatore Bonaccorso, January 10, 2016. https://www.debian.org/security/faq ...
Debian Security Advisory DSA 3439-1 (prosody - security update)
Two vulnerabilities were discovered in Prosody, a lightweight Jabber/XMPP server. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2016-1231 Kim Alvefur discovered a flaw in Prosody...
prosody -- multiple vulnerabilities
The Prosody Team reports: Fix path traversal vulnerability in mod_http_files (CVE-2016-1231). Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232)...