DSA-2895-2 prosody -- prosody
ID: oval:org.secpod.oval:def:601267 | Date: (C)2014-07-21 (M)2022-10-10 |
Class: PATCH | Family: unix |
The update for prosody in DSA 2895 caused a regression when a client logs in with the compression functionality activated. This update corrects that problem. For reference, the original advisory text follows.

A denial-of-service vulnerability has been reported in Prosody, an XMPP server. If compression is enabled, an attacker might send highly compressed XML elements over XMPP streams and consume all the resources of the server.