GLSA Advocate

Posted: Thu Jun 21, 2012 8:26 pm Post subject: [ GLSA 201206-10 ] ejabberd: Multiple Denial of Service vuln
Gentoo Linux Security Advisory
Title: ejabberd: Multiple Denial of Service vulnerabilities (GLSA 201206-10)
Severity: normal
Exploitable: remote
Date: June 21, 2012
Bug(s): #308047, #370201, #386075
ID: 201206-10
Synopsis
Multiple vulnerabilities have been found in ejabberd, the worst of
which allows for remote Denial of Service.
Background
ejabberd is the Erlang jabber daemon.
Affected Packages
Package: net-im/ejabberd
Vulnerable: < 2.1.9
Unaffected: >= 2.1.9
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in ejabberd. Please review
the CVE identifiers referenced below for details.
Impact
ejabberd allows remote attackers to cause a Denial of Service condition,
crashing either the daemon or the whole system through memory and CPU
consumption.
Workaround
There is no known workaround at this time.
Resolution
All ejabberd users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/ejabberd-2.1.9"
References
CVE-2010-0305
CVE-2011-1753
CVE-2011-4320
Last edited by GLSA on Thu Apr 03, 2014 4:31 am; edited 2 times in total