Bug 755551 (CVE-2011-4320)
Summary: | CVE-2011-4320 ejabberd (mod_pubsub): DoS (infinite loop, excessive CPU consumption) by processing malformed <publish> stanza | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | jkaluza, lemenkov, martin |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2021-10-19 21:50:56 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 755556, 755557, 755558 | | |
Bug Blocks: | | | |

Description
Jan Lieskovsky
2011-11-21 13:19:58 UTC
This issue affects the versions of the ejabberd package, as shipped with Fedora EPEL 5 and Fedora EPEL 6 releases. Please schedule an update.

--

This issue affects the versions of the ejabberd package, as shipped with Fedora release of 14, 15, and 16. Please schedule an update.

Created ejabberd tracking bugs for this issue

Affects: epel-5 [bug 755556]
Affects: epel-6 [bug 755557]
Affects: fedora-all [bug 755558]

CVE assignment:
[5] http://www.openwall.com/lists/oss-security/2011/11/19/2

Sorry for the hiatus, folks. I'm working on packaging 2.1.9 right now. The only issue I need to resolve is that ejabberd in Fedora is shipped with a custom module for GSSAPI support - I'm working on rebasing it on top of 2.1.9 tag (I plan to finish it in a couple of hours). Also I plan to tightly integrate it with systemd, so expect an update tomorrow morning (~ 08.00 UTC).

Ok, I added the first two builds for F-15 and F-16 (no builds for F-14 - sorry for that). Will add EL-[56] builds later.

This was fixed a long time ago. Can we just close this now?