Joined: 12 May 2004
|Posted: Thu Jun 21, 2012 8:26 pm Post subject: [ GLSA 201206-10 ] ejabberd: Multiple Denial of Service vuln
|Gentoo Linux Security Advisory
Title: ejabberd: Multiple Denial of Service vulnerabilities (GLSA 201206-10)
Date: June 21, 2012
Bug(s): #308047, #370201, #386075
Multiple vulnerabilities have been found in ejabberd, the worst of
which allowing for remote Denial of Service.
ejabberd is the Erlang jabber daemon.
Vulnerable: < 2.1.9
Unaffected: >= 2.1.9
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in ejabberd. Please review
the CVE identifiers referenced below for details.
ejabberd allows remote attackers to cause a Denial of Service condition
with the result of either crashing the daemon or the whole system by
causing memory and CPU consumption.
There is no known workaround at this time.
All ejabberd users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/ejabberd-2.1.9"
Last edited by GLSA on Thu Apr 03, 2014 4:31 am; edited 2 times in total