DSA-2895-1 prosody -- prosodyID: oval:org.secpod.oval:def:601919 | Date: (C)2015-01-22 (M)2021-09-13 |
Class: PATCH | Family: unix |
A denial-of-service vulnerability has been reported in Prosody, a XMPP server. If compression is enabled, an attacker might send highly-com- pressed XML elements over XMPP streams and consume all the resources of the server. The SAX XML parser lua-expat is also affected by this issues. For the stable distribution , this problem has been fixed in version 0.8.2-4+deb7u1 of prosody. For the unstable distribution , this problem has been fixed in version 0.9.4-1 of prosody.