DSA-2033-1 ejabberd -- heap overflowID: oval:org.secpod.oval:def:600076 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that in ejabberd, a distributed XMPP/Jabber server written in Erlang, a problem in ejabberd_c2s.erl allows remote authenticated users to cause a denial of service by sending a large number of c2s messages; that triggers an overload of the queue, which in turn causes a crash of the ejabberd daemon. For the stable distribution , this problem has been fixed in version 2.0.1-6+lenny2. For the testing distribution , this problem has been fixed in version 2.1.2-2. For the testing distribution , this problem has been fixed in version 2.1.2-2. We recommend that you upgrade your ejabberd packages.