16 matches found
Ubuntu 18.04 ESM : Prosody vulnerability (USN-4834-1)
The remote Ubuntu 18.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4834-1 advisory. It was discovered that Prosody incorrectly validated the virtual host associated with a user session across stream restarts. A remote attacker could use this issu...
openSUSE Security Update : prosody (openSUSE-2019-414)
This update for prosody to version 0.10.2 fixes the following issues : This security issue was fixed : - CVE-2018-10847: Prevent insufficient validation of client-provided parameters during XMPP stream restarts. Authenticated users may have overriden the realm associated with their session,...
Fedora 28 : prosody (2018-18f8c6ce79)
Prosody 0.10.2 ============== See upstream's blog post at https://blog.prosody.im/prosody-0-10-2-security-release/ for a full overview of the release changes. Prosody 0.10.2 fixes a cross-host authentication vulnerability, CVE-2018-10847. The issue affects Prosody instances that have multiple...
openSUSE: Security Advisory for prosody (openSUSE-SU-2018:1632-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2018-10847
prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of...
CVE-2018-10847
Prosody vulnerability CVE-2018-10847 affects Prosody < 0.10.2 and
openSUSE Security Update : prosody (openSUSE-2018-597)
This update for prosody fixes the following issues : This security issue was fixed : - CVE-2018-10847: Prevent insufficient validation of client-provided parameters during XMPP stream restarts. Authenticated users may have overriden the realm associated with their session, potentially bypassing...
openSUSE Security Update : prosody (openSUSE-2018-596)
This update for prosody to version 0.10.2 fixes the following issues : This security issue was fixed : - CVE-2018-10847: Prevent insufficient validation of client-provided parameters during XMPP stream restarts. Authenticated users may have overriden the realm associated with their session,...
openSUSE: Security Advisory for prosody (openSUSE-SU-2018:1627-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for prosody FEDORA-2018-455803056d
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for prosody FEDORA-2018-18f8c6ce79
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for prosody (moderate)
This update for prosody to version 0.10.2 fixes the following issues: This security issue was fixed: - CVE-2018-10847: Prevent insufficient validation of client-provided parameters during XMPP stream restarts. Authenticated users may have overriden the realm associated with their session,...
Security update for prosody (moderate)
This update for prosody fixes the following issues: This security issue was fixed: - CVE-2018-10847: Prevent insufficient validation of client-provided parameters during XMPP stream restarts. Authenticated users may have overriden the realm associated with their session, potentially bypassing...
Debian DSA-4216-1 : prosody - security update
It was discovered that Prosody, a lightweight Jabber/XMPP server, does not properly validate client-provided parameters during XMPP stream restarts, allowing authenticated users to override the realm associated with their session, potentially bypassing security policies and allowing impersonation...
[SECURITY] [DSA 4216-1] prosody security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4216-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 02, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4216-1] prosody security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4216-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 02, 2018 https://www.debian.org/security/faq -...