FEDORA-EPEL-2016-69b4d0e57c

security update in Fedora EPEL 7 for prosody

Status: stable 3 years ago

Prosody 0.9.10

A summary of changes in this release:

Security

  • mod_dialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks (CVE-2016-0756)

Fixes and improvements

  • Startup: Open /dev/urandom read-only, to fix a failure to start on some systems (fixes #585)
  • Networking: Improve handling of the 'select' network backend running out of file descriptors

Minor changes

  • Networking: Increase default internal read size to prevent connections stalling with LuaEvent (see #583)
  • DNS: Discard queries that failed to send due to connection errors (fixes #598)
  • c2s, s2s: Lower priority of shutdown handler, so that modules such as MUC can always send shutdown notifications to (remote) users (fixes #601)

Comments 6

This update has been submitted for testing by robert.

robert edited this update.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by robert.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
high
Karma
0
stable threshold: 1
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago
modified 3 years ago

Related Bugs 2

00 #1302463 CVE-2016-0756 prosody: mod_dialback allows impersonation attacks
00 #1302566 CVE-2016-0756 prosody: mod_dialback allows impersonation attacks [epel-all]

Automated Test Results